[Mailman-Developers] Subscription Authentication.

Ian Eiloart iane at sussex.ac.uk
Wed Aug 18 17:18:23 CEST 2010


We've been discussing mailing lists over on the ietf-dkim mailing list, and 
the issue of when a receiving MTA should trust mail from a list.

I had an idea, though it's only vaguely formed:

It would be nice if a list server would verify subscription requests using 
OAuth, Windows Live ID Delegated Authentication, or similar. Perhaps 
instead of the usual verification by email.  If 
<http://fingerprintapp.com/email-client-stats> is accurate, that's about 
35% of email users with Gmail, Yahoo, and Hotmail.

If that happened, then then the subscriber's mail system has a chance of 
understanding that the subscriber has, indeed, subscribed to the list. At 
that point, the receiving mail system might whitelist mail from that list, 
provided that it had a good DKIM signature, or an SPF pass, perhaps.

One might even build some sort of federated list management infrastructure, 
so a user could go to one site to manage all their Mailman3 mailing list 
subscriptions. With some kind of future standard, perhaps other MLMs could 
join the party later.

Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/

More information about the Mailman-Developers mailing list