On Fri, 16 Oct 2009, hector wrote:
> [email protected] wrote:
> > But you don't need to be a vanity domain to *advertise* except-mlist, and
> > us vanity domains would appreciate it if you do.
>
> If you could Package this and provide it as a persistent protocol
> methodology for everyone to follow, then GO WEST!!

The problem is that any solution that doesn't require the intelligence typically only possessed by vanity domains will require a global whitelist of mailing lists -- so that spammers and phishers cannot make fake lists just to use the back door.

To improve upon except-mlist as I've described it, every mailing list in the whitelist must be unforgeable -- either via SPF, or a third-party DKIM. No exceptions, since the public whitelist neutralizes the SbO advantage of the vanity-domain approach.

Then, we have the problem that a site can only publish "dkim=except-mlist-on-global-whitelist" if it *knows* that none of its users subscribe to mailing lists unknown or unacceptable to the GW. So, we've then made a lateral move from a policy that can only be *applied* by vanity domains, to one that can only be *advertised* by vanity domains....

It's still a worthy goal, which is why I've suggested that we also reserve a namespace of policy names which devolve to except-mlist when not specifically known to a validator. It just doesn't replace naked except-mlist.

(Actually, I see one escape from the global whitelist -- a sender could program his mailserver to recognize mail outgoing to trusted mailing lists and use l=0 signatures in that case. But that is also practical only for vanity domain senders.)

----
Michael Deutschmann <[email protected]>

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
