>>> 2) do we need a mechanism to alert the receiving MTA that you have >>> subscribed to a mailing list, and all messages should pass through? > > Yes, desperately. > >> Certainly a possible feature, but it seems like it won't scale very well. > > Why not?
If I were a spammer, I would tell the victim's MTA that the victim subscribed, then send the spam. These days most subscriptions are entered on a web page, and if you're lucky the mailer will send a confirmation message with a URL that sends the subscriber back to the web page. Where's the MTA going to get the subscriber info? The challenges in designing a protocol that neither makes unreasonable demands on users and MUAs nor is easily spoofed by hostile mailers seem insurmountable to me. If you're planning to keep a reputation database of mailers who send credible subscription announcements, why not just whitelist their mail? Since as far as I know nobody does this, it's a resarch topic, so I've directed replies to the ASRG. See you there. Regards, John Levine, [email protected], Primary Perpetrator of "The Internet for Dummies", Please consider the environment before reading this e-mail. http://jl.ly _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
