On Wednesday, May 06, 2015 05:38:08 PM Stephen J. Turnbull wrote: > John Levine writes: > > > A very simple approach would be <List-Id magic here>; > > > > Not so good, since there are lists that do't have list-id > > Too bad for those lists. What matters is that an awful lot of lists > do have list-id, and even more have list-post (which is the header > that matters here). If the idea can convince p=reject-using Author > Domains, it's a big improvement for a lot of lists. > > > and spam that does. > > Don't register lists that pass spam. If spam that looks like it comes > from a list is getting through to your users, you have real problems > anyway. What else is new? I don't see an exploit here that isn't > already available to the mal-actors, and I don't see how it increases > risk substantially since it requires an iterated phish to succeed. > > I guess the main risk would be if it gives the spammers a new way to > conceal the fact that their mailboxes at Author Domains are being used > as phishing vehicles via lists based at Spammer Domains. But AIUI > that's the whole issue with TPA from the Author Domain standpoint. Is > there a *new* issue here?
TPA requires cooperation from originators and receivers, so there's no "new" issue. Any make a list approach that needs both originators and receivers to participate needs to work for both large/small originators/receivers and I don't think this does. That's not "new", but it is a problem. Scott K _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc