--On 30 April 2010 08:02:44 -0400 "John R. Levine" <jo...@iecc.com> wrote:
>>> I just don't see a plausible scenario where you you know you trust the >>> list but still want to accept or reject mail based on assertions the >>> list itself makes. > >> How about you trust the list, and it says the inbound message wasn't >> signed? The list has left the value judgement to the recipient. > > I've been using mailing lists for 35 years, and I cannot recall any where > the list manager threw up his hands and didn't manage the list's > contents. I don't think that's what I'm saying. Currently lists don't do much to authenticate senders. I don't think it's implausible that a recipient might have stricter rules than a list manager. It might be unusual, I suppose. > The conceptual model of mailing lists has been consistent for > decades: the list picks mail to pass along using whatever manual or > automated process it uses, and subscribers accept the mail the list > sends. I don't see the point in trying to retroactively redefine the > ways that lists work to try to shoehorn them into the limits of poorly > desiged security add-on. > > See "forgery" for another example of the same newthink, in which the SPF > crowd tried to persuade the world that SPF's failure to handle long > established forwarding models was the fordwarders' fault. > > R's, > John -- Ian Eiloart IT Services, University of Sussex 01273-873148 x3148 For new support requests, see http://www.sussex.ac.uk/its/help/ _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html