John Levine writes: > > A very simple approach would be <List-Id magic here>; > > Not so good, since there are lists that do't have list-id
Too bad for those lists. What matters is that an awful lot of lists do have list-id, and even more have list-post (which is the header that matters here). If the idea can convince p=reject-using Author Domains, it's a big improvement for a lot of lists. > and spam that does. Don't register lists that pass spam. If spam that looks like it comes from a list is getting through to your users, you have real problems anyway. What else is new? I don't see an exploit here that isn't already available to the mal-actors, and I don't see how it increases risk substantially since it requires an iterated phish to succeed. I guess the main risk would be if it gives the spammers a new way to conceal the fact that their mailboxes at Author Domains are being used as phishing vehicles via lists based at Spammer Domains. But AIUI that's the whole issue with TPA from the Author Domain standpoint. Is there a *new* issue here? _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
