>I didn't mean to suggest MLM's should stop doing the things they do that >breaks DKIM signatures. I'm actually a fan of the A-R header (or >perhaps a new one) approach -- used in a clear (profiled?) way -- so >MLM's can assert to receivers that they verified the senders signature >before processing and re-signing it.
I still don't understand how this could be useful. Even if you believe that list members care whether mail to the MLM was signed, how you can tell whether an A-R header is credible? The only way I can think of is to keep a giant list of trustworthy list signatures. But if you know that the list is trustworthy, why wouldn't you just deliver its mail, A-R header or not? The category of "mail from lists that we trust, but that are too dim to manage their inbound submissions" doesn't strike me as being large enough to worry about. R's, John _______________________________________________ dkim-ops mailing list [email protected] http://mipassoc.org/mailman/listinfo/dkim-ops
