On 21/01/2021 09:15, Stefano Bagnara via mailop wrote:
> Of course a DNS method to let domains opt-in to such a generic system would
> be cool, but unless we think 100% of domains will adopt openid we'll still
> have the subscription bombing issue around, for every form not using this
> "new method" and every recipient on a domain not using this method.

If you had enough adoption (e.g. from the big mailbox providers) then it would be viable to require support for it from operators of mailing lists (note: support for the process, not necessarily requiring recipient domains to use it) and anyone who receives a flood of subscription requests will then be persuaded to implement it.

> So I like your proposal, but I was looking for best practices to deal with
> what happens now: forms being abused to fill email inboxes of innocent
> victims.

I don't think there is any other option. You have no way of knowing who else is subscribing the same user, through wildcard addresses or otherwise. Even if you had collaboration between major email senders to share this information there would still be many more independent mailing list installations. The next step in the denial of service process would be to ensure that you can't subscribe to anything because your address is permanently on the "receiving a flood of subscription requests" database.

-- 
Simon Arlott