On 4/13/2014 7:49 PM, John Levine wrote:
Meanwhile, I'm still not proposing that we train users, or even
anti-spam software to "recognize" or "validate" mailing list addresses.
What I'm proposing is a way to send mail from a list with From:
@domain-of-list.tld so that it can pass DMARC/SPF/DKIM, and allow the
left side of the @ sign to identify the actual sender of the message.
Yes, that's the 1980s percent hack.
1979, to be precise, for MMDF's relaying telephone/Arpanet mail with the
original funding agency, the Army Materiel Command, and then the NSF's
CSNet. It was difficult to find a character that made any intuitive
sense and wasn't already taken.
As an overall construct, in this case, it might work pretty well. It
preserves all of the original address in a way that is easily
machine-parseable.
It treats the list engine as a kind of gateway. This means that a reply
to that address will show up at the list host and needs to be relayed to
the intended recipient. While a bit inefficient -- and probably will
emerge as an attack vector (sigh) -- it's a plausible mechanism.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net