> The basic problem is that mailing lists are for all intents and > purposes forging content when they don't change the From address but > insist on adding trailers and subject line changes, blah, blah, > blah.
I don't find "forging" to be a useful description of what mailing lists do. It's true, they send mail from someplace other than the normal place associated with the From: address, but that's no more forgery than my sending a postcard on vacation with my normal return address but funny foreign stamps and postmarks. It's also not the only situation where a third party sends legitimate mail on someone's behalf, with another familiar example being the mail-an-article feature on newspaper sites. I have several hundred small business users that receive mail addressed to their various company domains hosted here. Although I provide outbound SMTP relay service, maybe half use it and the other half just send through their own ISP accounts, so mail for those domains goes out through Road Runner, Verizon, and a dozen other little ISPs you never heard of. Would a DKIM signature match the From: address? Not likely, it's all they can do to get their POP accounts set up, so their ISPs will sign it. But it's not forged. Our lives would be simpler if everyone would mail only in ways that matched our favorite simple security model, but disparaging real mail sent in inconvenient ways as "forging" isn't going to make that happen. R's, John _______________________________________________ ietf-dkim mailing list http://dkim.org
