>Building on the FROM_IS_LIST idea, rather than having the From be >rewritten to simply "list@xxxxxxxxxxx" why not establish a convention >(dare I say "standard?") to encode the real from address and list to the >left of the @ sign? The rub with DMARC/SPF/DKIM is the domain itself, >not the whole address. This is a minor tweak of the "authenticated phish via on-behalf-of" proposal. Spammers can send mail that looks a lot like mailing lists, you know. From: Paypal Security <security@xxxxxxxxxxxxxxxxxxxxxxx> But wait, I have an even better idea, Nobody ever thought of this one! From: Paypal Security <security%paypal.com@xxxxxxxxxxxx> R's, John PS: You can safely assume that any possible workaround for mailing list From: lines has been invented, argued about, and discarded at least a dozen times already. The response to pretty much all of them is that you have to know it's a real mailing list to trust the hack, but if you know it's a real mailing list, just deliver the fripping mail.