On 5/2/10 11:10 AM, Alessandro Vesely wrote: > John Levine wrote: > >>>> Is there some long-standing toxic effect of mailing lists other than >>>> that they don't fit the simple identity models used by recently >>>> devised authentication schemes? >>>> >>> The opt-in mechanism, I'd say. There's no standardized way for >>> subscribers' servers to learn about subscriptions. >>> >> Even if you consider that to be a problem, what could it possibly have >> to do with DKIM? >> > Just that if there were a handshake between a list server and a new > subscriber's MX, they could also agree upon ADSP forwarding, e.g. by > whitelisting the list server. > To retain security, the sender's domain needs to assert domain specific exceptions for "all" or "discard-able" ADSP policies.
Someone subscribed to a mailing list does not mean the list then has any purported sender's blessing to make exceptions, especially when some lists don't prevent simple spoofing. From a security stand point, it would also be unwise to have automated exchanges with mailing-lists prompted by receipt of messages needing exceptions. -Doug _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
