[ietf-dkim] what do mailing lists do, was list vs contributor
dotis at mail-abuse.org
Fri Apr 30 13:52:32 PDT 2010
On 4/30/10 11:24 AM, John Levine wrote:
>> We need to be precise about what we mean by "trustworthy". Even if I
>> have "some way to identify trustworthy lists" as you put it above, I
>> have to be very clear about what I'm actually trusting that list to do.
> When I sign up for a list, I trust it to send me mail that I am
> willing to receive. Is there any other understanding of mailing
> lists that people have?
Perhaps this concern should be viewed in how different email might be
perceived. When people are mislead into believing you recommended some
clever script, they might be tempted to give it a try. Just following
a link could expose recipients to possible zero day exploits. This type
of social engineering is ongoing, where theft of financial information
has risen dramatically in the last two years.
Exploits are regularly found in browser extensions like Adobe Flash,
Acrobat, Java, and Active-X, where many are patched and reported in
comparatively long periods after initial discoveries. Malware taking
advantage of these exploits often becomes modified in less than six
hours. Once a patch is published, it event is often followed by a flood
of more malware, since it educates other writers.
While you may not be concerned, think of financial institutions seeing
people's accounts ransacked. Whether they use their transactional
domain, or some lesser known one, the need for security does not really
More information about the ietf-dkim