On 4/30/15 10:03 AM, Kurt Andersen wrote: >> It is not overly >> > complicated, considering I’m mostly the only one to subscribe to MLM with >> > my corporate email address, but I wanted to mention the presence of such >> > headers is not foolproof. >> > > With List-Id becoming a more generic feedback channel, I suspect that its > value for indicating the participation of a MLM will further degrade. Dear Kurt,
Rather than seeing List-ID as representing feedback, it can be used to restrict the scope of an authorization scheme as a way to acknowledge a known relationship closely monitored by the domain granting authorization. Limiting the attack surface so to speak. This would allow less disruptive methods in seeking cooperation in the removal of an errant participant as described by TPA-Label. TPA-Label does not require modifications made to current verification schemes. It simply leverages available identifiers using a highly scalable authorization method with little DDoS risk. Domains wishing to improve protections beyond what a "public" assertion would allow can adopt TPA-Label to offer actionable and lower disruptive policy handling request adjustments. Such "pointy stick" feedback better ensures cooperative message handling. When authorization is based on comprehensive message signatures, this feedback can not be leveraged by malefactors. Regards, Douglas Otis _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
