>>> All of this emphasis on complex designs for MLMs strikes me as a waste >>> of time, since it's a tiny corner of the mail space that has not >>> historically been a vector for abuse, and shows no sign of becoming one. > > It may be tiny, but users will not tolerate the total destruction of > mailing list traffic, which is the inevitable result of any ADSP use at > both ends which is sufficent to block actual forgeries (without using > whitelists).
Good point. So it's two things, lists should sign outgoing mail, and discard any incoming mail with dkim=discardable. Since RFC 5617 says that discardable domains should not send mail to lists, nobody who can read should be affected by that. >>> That's why my advice is that lists should sign their mail, which is >>> easy and at worst harmless, and we're done. > > It's easy but useless, since the MLM doesn't have the private key > needed to create a *relevant* signature. Hmmn. I'm not sure what you're talking about here, but since neither DKIM nor ADSP say anything about "relevant" signatures, it can't be either of them. R's, John _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
