On May 5, 2015 12:16:16 PM EDT, "Stephen J. Turnbull" <step...@xemacs.org> wrote: >Franck Martin writes: > > > I did not want to burn your proposal, sorry if it passed like > > this. I just wanted to make a comment, from personal observations, > > that non-mailing list related emails have list-id too. > >I made the same observation from a theoretical point of view, so I >have no problem with you stating those facts. > >But the main point that everybody is missing is that we *do not* need >to deal with the "registration problem" in this WG because the >information to register a substantial fraction of mailing lists is >distributed in the related mailflows already, and the mailbox >providers know where to find the users for confirmation of their >intent. There's no need for new protocols. > >I would prefer to focus on getting a signature delegation protocol >specified and hopefully put into practice, discussing mailing list >verification practices when potential users bring them up.
No. I believe that entirely assumes away the hard part of the work. The hard part isn't figuring out candidate data. That can trivially be done as you suggest. The hard part is figuring out the subset of the data that's worthy of special treatment. Approximately as soon as list-id enables DMARC bypass, the bad guys will start adding it to everything. List-id is useless in this context. Scott K _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
