Murray S. Kucherawy wrote:
On Wed, Apr 16, 2014 at 1:57 PM, John R Levine <johnl@xxxxxxxxx
<mailto:johnl@xxxxxxxxx>> wrote:
How do I distinguish the nice mailing lists at ietf.org
<http://ietf.org> from random evil spammer domains sending spam
with List-ID headers?
Every proposal I've seen like this ends up tripping over the fact
that there is no technical way to distinguish between mail from
real mailing lists and spam that looks like it's from mailing
lists. Hence you need a whitelist for the real mail, at which
point all of the mechanism beyond the key for the whitelist
(probably a DKIM signature) is superfluous.
Let's assume for the moment that a whitelist is the only option.
(Pete made a different suggestion that I haven't read fully yet, for
example.) Do you envision each operator maintaining its own
whitelist, or one or more public registries of them, or something else?
It may be the case that it's the only way, but if so, then someone
needs to write down some how-tos on this as well. May as well begin
to develop that idea.
Well... yahoo, aol, and others DO keep whitelists now - and various
mechanisms for getting on them. Yahoo doesn't, however, seem to apply
their whitelisting methods to their own mail that's passed through
DMARC. Hmmm.....
Miles
--
In theory, there is no difference between theory and practice.
In practice, there is. .... Yogi Berra