Now, Keith will no doubt argue that DKIM is of marginal value at best unless we extend it into these areas. Simply put, I disagree. For example, even in the absence of SSP DKIM at a minimum provides a service that can make whitelisting/blacklisting far more reliable.
I strongly disagree. If DKIM is used in this way it can only address a one or two of the several problems with blacklists - one of which is granularity and the other is the frequency with which IP address blocks get reassigned to other parties - particularly when they get blacklisted. I've seen too many problems with blacklists that were unrelated to either of these.
Simply put, blacklists lie. More generally, any time a party (e.g. a blacklist) is entrusted to make decisions on behalf of a huge number of parties with diverse interests and needs (recipients), it's going to make a poor decision a significant fraction of the time. Some blacklists are more responsible than others, but I haven't yet seen one that, if trusted to block mail, doesn't block a significant amount of legitimate mail.
Keith _______________________________________________ ietf-dkim mailing list http://dkim.org
