[ietf-dkim] what do mailing lists do, was list vs contributor

[Douglas Otis]

On 4/30/10 11:24 AM, John Levine wrote:
>> We need to be precise about what we mean by "trustworthy".  Even if I
>> have "some way to identify trustworthy lists" as you put it above, I
>> have to be very clear about what I'm actually trusting that list to do.
>>      
> When I sign up for a list, I trust it to send me mail that I am
> willing to receive.  Is there any other understanding of mailing
> lists that people have?
>    
Perhaps this concern should be viewed in how different email might be 
perceived.  When people are mislead into believing you recommended some 
clever script, they might be tempted to give it a try.   Just following 
a link could expose recipients to possible zero day exploits.  This type 
of social engineering is ongoing, where theft of financial information 
has risen dramatically in the last two years.

Exploits are regularly found in browser extensions like Adobe Flash, 
Acrobat, Java, and Active-X, where many are patched and reported in 
comparatively long periods after initial discoveries.  Malware taking 
advantage of these exploits often becomes modified in less than six 
hours.  Once a patch is published, it event is often followed by a flood 
of more malware, since it educates other writers.

While you may not be concerned, think of financial institutions seeing 
people's accounts ransacked. Whether they use their transactional 
domain, or some lesser known one, the need for security does not really 
change.

-Doug