On 9/12/14 10:27 AM, Dave Crocker wrote:
What tends to be missed, throughout all of the discussions about dealing
with the effect on intermediaries such as mailing lists, is that most or
all of the mechanisms being discussed for intermediaries will work
equally well for bad actors...
Dave,
First, I don't think that point has been missed, as it's been repeated
so often. :) Second, if you change the From: to be @<mailing list
domain> the message is still protected if the mailing list domain uses
SPF, DKIM, or better yet, both; AND the receiving system verifies them.
Or, put differently, faking Bad.Actor@<valid domain> is one of the
scenarios that SPF/DKIM/DMARC are specifically designed to address. It's
not clear how creating a solution which will allow mailing list traffic
to flow will weaken that.
Doug