On 4/16/14 11:03 PM, John R Levine wrote:
>> The originator (well, more to the point, the originator's mail
>> server) doesn't need a signal that it's a mailing list; it's simply
>> that the destination makes an "if I forward the mail, I'll be
>> including this" piece of data available, and the originator's server
>> can then include that in the signature of the message. I was thinking
>> this could be in some special kind of DMARC (or whatever) record that
>> lived in the mailing list's domain and could be queried by the
>> originator's server.
>
> The magic token has to be cryptographically tied to the contents of
> the original message

No it doesn't. It has to be cryptographically tied to the mailing list's
re-sending of the message. How to do that with asymmetric keys should be
discussed somewhere other than on this list.
pr
--
Pete Resnick <http://www.qualcomm.com/~presnick/>
Qualcomm Technologies, Inc. - +1 (858)651-4478