Yeah, RFC4871 was a proposed standard, RFC6376, four years later became an
Internet standard. Once there was a level in between...
Seems that 4 years was not enough ;-) Or we understand idea behind that
RFC wrongly...
Keep in mind that DMARC was invented long after SPF and DKIM. Also that
the original goal of DMARC was to protect heavily phished domains like
paypal.com and its authors did not expect anyone to use it on domains that
send mail to lists. It was several years later that AOL and Yahoo started
abusing DMARC to outsource the cost of phishes using address books that
they let crooks steal.
And why does RFC8058 require that fields such as List-Unsubscribe-Post:
MUST be signed?
Is it special "One click" case? I was not interested in it yet...
Yes, the idea was to prevent malicious unsubs by sending fake spam with
someone else's one-click unsub.
Regards,
John Levine, jo...@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
