[Mailman-Developers] feature request: one-click setting to preserve DKIM
Mark Sapiro
mark at msapiro.net
Tue Dec 6 22:30:59 CET 2011
On 12/5/2011 10:58 AM, Monica Chew wrote:
> For context, I work at Google on Gmail spam, and one of the things we've
> been doing as an anti-phishing measure is enforcing that mail from certain
> highly-phished domains must be signed with the DKIM key of the purported
> sender. We started this several years ago for just ebay and paypal (
> http://gmailblog.blogspot.com/2008/07/fighting-phishing-with-ebay-and-paypal.html)
> and for the last couple of years have been trying to do it for
> google.comand a handful of other domains as well.
>
> A side effect of this has been that mailing-list mailing has been
> particularly difficult to classify. We've mostly solved the problem for
> groups that we host, but external mailing lists have been a continual
> challenge. As a result, many Google employees who want to participate in
> standards and open source communities have been unable to (see for example
> http://lists.openid.net/pipermail/openid-general/2009-June/018364.html,
> where both mail from Google and Facebook employees were not delivered to
> openid gmail members) with their standard mailing address.
It seems you could solve this particular problem by allowing gmail users
an option (non-default) to receive such mail with a "phish" warning
rather than not receiving it at all.
--
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
More information about the Mailman-Developers
mailing list