On May 7, 2014, at 2:58 PM, Murray S. Kucherawy <[email protected]> wrote:
> On Tue, May 6, 2014 at 11:03 PM, Terry Zink <[email protected]> > wrote: > This is more or less John Levine's suggestion from several days ago: it is a > whitelist. > > Ideas like TPA, ATPS and others are essentially whitelists owned by the > domain whose mail might get re-signed, versus John's notion of one or more > master whitelists for all known potential legitimate re-signers (e.g., > mailing list operators). Wouldn't this whitelist be painting a bullseye on listed members, begging spammers to increasingly target them? In much the same way that many of the more sophisticated spammers today prefer to exploit legit servers by compromising user credentials. No doubt some ML operators have an adequate multi-layered defense between their lists and the internet and can keep out increasingly motivated hackers. But I fear that description doesn't apply to the vast majority of operators. It wouldn't take very many successful attacks before the value of said whitelist was greatly diminished. Matt
_______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
