In article <camsgclbbus2p6zr5bmscxefgppcvo-revmaswvkznxz4oo6...@mail.gmail.com> you write: >On Sun, Jul 22, 2018 at 3:18 PM Grant Taylor via Mailman-Users < >mailman-users@python.org> wrote: > >> On 07/21/2018 02:24 PM, John Levine wrote: >> > I know people working on whiteish lists to use with ARC, to say that >> > these domain are known to host real mailing lists so you should believe >> > their ARC assertions. > >Why not just have that list, and a X-Trust-Me: YES header? It would be much >simpler to implement than ARC.
There turns out to be an actual answer to this question, which I have asked people from Google. When someone gets his address book stolen from his botted PC, spamware will send spam to everyone in his address book using his address on the From: line. If some of those addresses are lists, those lists will generally forward the spam even though they are otherwise legit. Google tells me this happens often enough that they can't just whitelist mailing lists, and ARC gives them the clues to tell forwarded bot spam from forwarded real mail. I've certainly seen it both on lists I run and lists I subscribe to. As I said a few messages ago, if lists did more stringent tests on incoming mail, a lot of this complexity could be avoided, but they don't so it can't. R's, John ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org