Daniel Black wrote:
On Thursday 08 October 2009 17:07:30 Stephen J. Turnbull wrote:
Wouldn't it be more straightforward (not to mention that it would work
for many more lists) to have an LDSP RFC, whose first draft simply
takes the ADSP RFC and substitutes "mailing list" for "author"
everywhere, and "RFC 2369 and RFC 2919 headers" for "From"?  (The
point of multiple headers is that "active" headers like List-Subscribe
could contain bogus URLs.)
Doing so would allow List-* headers to be added by every spoofer, add their own signature and get immunity from spoofing every author domain while the end user doesn't notice because the List-* headers are hidden in the MUA (in most cases).

And this is different from sending signed mail From: iams...@spammersrus.com how? If you're answer is "appearance in the MUA" then the answer is to fix the MUA. Besides, any halfway decent anti-UCE technology will quickly ban the signing domain, limiting any user impact (although making life more difficult for mailing list admins without aggressive anti-UCE measures of their own).

--
Carson

_______________________________________________
Mailman-Developers mailing list
Mailman-Developers@python.org
http://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: 
http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-developers/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Reply via email to