Replying to two in one. They're sorta related.
On 4/16/14 7:58 AM, Michael Richardson wrote:
It's clear to me that we need at least a non-WG mailing list for this
*technical* discussion.
Yeah, we are starting to move into solution space, which needs to be
discussed in a specific technical forum. I'll try to keep it short.
so, what you are saying is that based upon the (SMTP) To: address, the sender
needs a signal that this is a mailing list, and some way to react.
Maybe this could be combined with various SMTP DANE mechanisms, or at least,
maybe "Additional RR" could return that kind of information.
The originator (well, more to the point, the originator's mail server)
doesn't need a signal that it's a mailing list; it's simply that the
destination makes an "if I forward the mail, I'll be including this"
piece of data available, and the originator's server can then include
that in the signature of the message. I was thinking this could be in
some special kind of DMARC (or whatever) record that lived in the
mailing list's domain and could be queried by the originator's server.
Running code. we need someone to fund and participate in an experiment.
(cf: other thread about not participating in SDOs anymore)
Bah. I do need to respond in that other thread, but I've become more
sanguine about standardization after Vidya's article: I agree with a
good deal of what she says, and I think she's categorized the problem
correctly. Her having done that, I now see paths forward. More on the
other thread.
On 4/16/14 3:57 PM, John R Levine wrote:
How do I distinguish the nice mailing lists at ietf.org from random
evil spammer domains sending spam with List-ID headers?
Every proposal I've seen like this ends up tripping over the fact that
there is no technical way to distinguish between mail from real
mailing lists and spam that looks like it's from mailing lists.
At least in the back-of-the-envelope scheme I suggested, the receiver
doesn't need to distinguish mailing lists: The originator's system finds
out where the mail is going, gets some information from the destination,
and signs that and sends it with the message. The mailing list sends
that along to the recipients. When my (one of the recipient's) server
looks at that info, it determines that the originator sent the message
directly to the mailing list, and I can tell that the mailing list sent
it to me. My server doesn't need to determine whether the mailing list
is "evil"; it knows that the person with the (e.g.) yahoo.com address
sent to that mailing list from a yahoo.com server. That's what it cares
about.
(And again, anyone can choose to continue to say, "No redistributing
this message". The mailing list, or the eventual recipients if the
mailing list doesn't play, should bounce the message in that case.)
pr
--
Pete Resnick<http://www.qualcomm.com/~presnick/>
Qualcomm Technologies, Inc. - +1 (858)651-4478