[Asrg] Mailing list signup handshakes
Alessandro Vesely
vesely at tana.it
Wed Dec 3 11:41:37 PST 2008
(apologies for the delay)
Bart Schaefer wrote on 30 Nov 2008 13:39:41 -0800:
> On Nov 30, 2:02pm, Alessandro Vesely wrote:
> } Subject: Re: [Asrg] Mailing list signup handshakes
> }
> } Bart Schaefer wrote:
> } >
> } > We're just replacing postage with signup verification.
> }
> } Postage is for each message, signup for sender/recipient pairs.
>
> If the point of verified signup is to filter mail for which there
> has not been a signup, then the signup has to be re-verified on each
> message.
Not really. After the first (lengthy) verification the sender gets a
token (actually a password) that it will re-use to send further
messages of the same sort.
> Unless you're trusting the sender, in which case I refer
> you back to several messages from RSK.
The sender is actually a relay doing inter-domain alias
expansion/explosion. Of course it may turn out to be non-trustworthy,
which would in turn put under discussion the assumptions that led to
granting it access.
Those whitelists are based on names rather than IP addresses, so they
may be more manageable than the whack-a-mole game.
More information about the Asrg
mailing list