On Fri 11/Sep/2020 00:50:41 +0200 Douglas E. Foster wrote:
> The Alternative
>
> All of these problems can be avoided if the subscriber is given an alias at
> enrollment, and the alias is used for all messages relayed on the subscriber's
> behalf. For this list, my alias could be [email protected]. Messages
> sent to an alias address must be submitted through the list operator, and the
> list manager should have logic to reject messages from a non-subscriber that
> are targeting a subscriber alias.
>
> Because the personal email address is only known to the list operator,
> harvesting is impossible. Any aliases that are harvested from the list will
> be unusable by a spammer operating outside the list.
>
> For the same reason, if a misbehaving subscriber is ejected from the list, he
> immediately loses access to the people who were the victims of his actions.
>
> List spoofing becomes less effective as well. Legitimate list messages can be
> validated using DMARC with p=reject on the list domain. Spoofed messages
> that reach the user will not have a From address in the list domain and will
> not follow the pattern of list aliases.
>
> Overall, I conclude that mailing lists have much to benefit from intelligent
> use of DMARCv1 as previously specified.

That alternative to [email protected] (and
original From: copied to Reply-To:) has some point. I agree it should be
mentioned among the set of solutions to the MLM problem that this WG is collecting.
Best
Ale
--
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
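
A minimal sketch of the alias scheme proposed in the quoted message, added here as an example; it is not code from either poster or from any list manager. The `AliasList` class, the `member-...@list.example` alias pattern and the HMAC key are assumptions, and sender addresses are assumed to have been authenticated before they reach this logic.

```python
import hashlib
import hmac

LIST_DOMAIN = "list.example"        # constructed list domain
ALIAS_KEY = b"constructed-demo-key" # keyed so an alias cannot be derived from an address


class AliasList:
    def __init__(self):
        self.alias_of = {}  # real address -> alias (known only to the list operator)
        self.real_of = {}   # alias -> real address

    def enroll(self, real):
        """Assign the alias at enrollment; it stands in for the subscriber everywhere."""
        real = real.lower()
        tag = hmac.new(ALIAS_KEY, real.encode(), hashlib.sha256).hexdigest()[:10]
        alias = f"member-{tag}@{LIST_DOMAIN}"
        self.alias_of[real] = alias
        self.real_of[alias] = real
        return alias

    def eject(self, real):
        """Removing a subscriber also removes their route to every other alias."""
        alias = self.alias_of.pop(real.lower(), None)
        if alias:
            self.real_of.pop(alias, None)

    def relay_post(self, sender, body):
        """List post: From is rewritten to the sender's alias before fan-out."""
        sender = sender.lower()
        alias = self.alias_of.get(sender)
        if alias is None:
            return ("reject", "sender is not a subscriber")
        rcpt = sorted(r for r in self.alias_of if r != sender)
        return ("deliver", {"From": alias, "rcpt": rcpt, "Body": body})

    def relay_to_alias(self, sender, rcpt_alias, body):
        """Mail addressed to an alias: only current subscribers may reach it."""
        sender_alias = self.alias_of.get(sender.lower())
        if sender_alias is None:
            return ("reject", "non-subscriber targeting a subscriber alias")
        real = self.real_of.get(rcpt_alias.lower())
        if real is None:
            return ("reject", "unknown alias")
        return ("deliver", {"From": sender_alias, "rcpt": [real], "Body": body})
```
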