Daniel Black wrote:
On Thursday 08 October 2009 17:07:30 Stephen J. Turnbull wrote:
Wouldn't it be more straightforward (not to mention that it would work for many more lists) to have an LDSP RFC, whose first draft simply takes the ADSP RFC and substitutes "mailing list" for "author" everywhere, and "RFC 2369 and RFC 2919 headers" for "From"? (The point of multiple headers is that "active" headers like List-Subscribe could contain bogus URLs.)
Doing so would allow List-* headers to be added by every spoofer, add their own signature and get immunity from spoofing every author domain while the end user doesn't notice because the List-* headers are hidden in the MUA (in most cases).
And this is different from sending signed mail From: IAmScum@SpammersRUs.com how? If you're answer is "appearance in the MUA" then the answer is to fix the MUA. Besides, any halfway decent anti-UCE technology will quickly ban the signing domain, limiting any user impact (although making life more difficult for mailing list admins without aggressive anti-UCE measures of their own).
-- Carson