On 2019-04-11 19:45, Grant Taylor via mailop wrote: > How does that add accountability?
[email protected] is only published to MegaCorp, so any non-MegaCorp email received at [email protected] implies that MegaCorp has an email privacy issue. > I feel like it's still subject to address harvesting. Filter the old token then issue a new one to MegaCorp when that happens? > Unfortunately too many MegaCorps balk at the "+" in the email address. Or at > least WAY TOO MANY web forms do. The subaddress delimiter is MTA specific, i.e. ymmv. ;) > Or did you mean some sort of (loose) authentication ~> authorization by > tying the from address to the receiving address? Nice. The subaddress can encode assertions regarding the sender, e.g. bob+dkimMegaCorp.com requires the email to be signed by MegaCorp Were this format well-known, then MegaCorp would know that 3rd party contact is forbidden and it has to broker the email transaction. > I like this idea, and have used a form of it. But it has a weakness of > MegaCorp outsourcing things to 3rd parties that send email legitimately on > MegaCorp's behalf to you from an email address not associated to the > receiving address. Sure. Any non-compliant email below a rate-limit is filtered to spam? Patrick _______________________________________________ mailop mailing list [email protected] https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
