On Wed, Apr 16, 2014 at 1:57 PM, John R Levine <johnl@xxxxxxxxx> wrote:
How do I distinguish the nice mailing lists at ietf.org from random evil spammer domains sending spam with List-ID headers?
Every proposal I've seen like this ends up tripping over the fact that there is no technical way to distinguish between mail from real mailing lists and spam that looks like it's from mailing lists. Hence you need a whitelist for the real mail, at which point all of the mechanism beyond the key for the whitelist (probably a DKIM signature) is superfluous.
Let's assume for the moment that a whitelist is the only option. (Pete made a different suggestion that I haven't read fully yet, for example.) Do you envision each operator maintaining its own whitelist, or one or more public registries of them, or something else?
It may be the case that it's the only way, but if so, then someone needs to write down some how-tos on this as well. May as well begin to develop that idea.
-MSK