On Wed, Jun 4, 2014 at 8:39 AM, Stephen J. Turnbull <step...@xemacs.org> wrote:
> If I understand you correctly, we actually already have the mechanics > for this in place. Most sites like Yahoo! allow you to whitelist a > sender. This could be extended to allow whitelisting based on the RFC > 2369 List-Post field (simple to implement but requires subscriber > action if the List-Post address changes) or the RFC 2919 List-Id field > (complicated because it doesn't correspond directly to any domain, > you'd need some kind of DNS support which would be a bad idea to > special case lists). > > Then just DKIM sign, and have the destination check for List-Post (not > from) identity alignment. Not as much trouble as you suggest. > > Murray, is there something here? > Unless I'm missing something (which is likely given how little caffeine has hit my system so far this morning), this reduces to whitelisting the DKIM signing domain which in this case would be the list operator's domain, correct? If that's the case, you still have the scaling problem of populating the whitelist. How would Yahoo! go about doing that, for example? They claim at least 30,000 such cases that ideally would land in that list automatically somehow. -MSK _______________________________________________ Mailman-Developers mailing list Mailman-Developers@python.org https://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
