In article <6DD54672-A321-42A8-837C-0F5A85A2D796@xxxxxxxxxxxx> you write: >It seems to me that catering to senders whose unsubscribe volume is so >high as to overwhelm their email systems should not be a priority. People at large mail systems tell me it's a fact of life. Long before this particular hack ever came up, they already had problems of accidentally DoS'ing other mail systems by mistake when something provoked a lot of responses. In any event, our goal here is to help make mail less lousy, not to make a statement about how we think people should design their systems. >Can you explain the DKIM requirement in more detail? Is the MUA required >to verify the DKIM signature? Or is it expected to alternatively trust >any Authentication-Results header? That's an implementation detail. In the most likely implementations, it's web mail so the MDA and MUA are all the same system. > What purpose does the DKIM signature >serve, if there is no required correlation between the authenticated "d=" >value and the authority of HTTPS unsubscribe URI? It gives the recipient system a handle to use to decide whether they trust the message enough to use the list-unsubscribe and list-unsubscribe-post. The postmaster at the world's largest mail system has told me that this is useful to them. >What are the cross-origin risks in allowing the incoming mail to trigger >a POST to a URI of the sender's choice with sender selected parameters? I would think that it's about the same as the GET that List-Unsubscribe already can trigger. We've lived with that for nearly two decades. >The Examples in Section 7 don't have anything resembling HMAC signatures >over the recipient + list data, or opaque nonces that identify both. The examples in the upcoming -06 are slightly opacified. R's, John