> On 23/Sep/10 21:16, John R. Levine wrote: > > All of this emphasis on complex designs for MLMs strikes me as a waste > > of time, since it's a tiny corner of the mail space that has not > > historically been a vector for abuse, and shows no sign of becoming one.
It may be tiny, but users will not tolerate the total destruction of mailing list traffic, which is the inevitable result of any ADSP use at both ends which is sufficent to block actual forgeries (without using whitelists). > > That's why my advice is that lists should sign their mail, which is > > easy and at worst harmless, and we're done. It's easy but useless, since the MLM doesn't have the private key needed to create a *relevant* signature. Inventing an "LDSP" to allow lists to indicate that certain List-Id:s are always associated with signatures would not be a total waste of time. But it cannot solve the "mailing list problem" alone, because the badguys would do their mischief using "lists" with List-Id:s in domains they control. They'd have the private key, so their bad-mails would trivially pass "LDSP". The missing piece is a whitelist of List-Id:s to trust. If each mailbox has a custom whitelist covering only lists the user subscribed to, there is a significant security-by-obscurity effect that means one is likely to "get away" with trusting a list that is forgeable. "LDSP" would make things more reliable, but would never be the essential component. ---- Michael Deutschmann <mich...@talamasca.ocis.net> _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html