Doug, > Most lists confirm the email-address by mailing back a link to verify > that the participant indeed receives email at that email-address and > wishes to subscribe to the list, a double op-in. Will participants on > a list need to have their own certificate? You seem to be validating > Phillip's concept of using trusted certificates rather than DKIM's > self issued public keys. That's not really where I was going. What I more envision is that a mailing list will have its own reputation that will match the LCD of the list, just as you say, but that the way to protect against that is for lists to be at least a little picky about who they allow on. After all, we've said that dkim is just a part of the solution, and we've indicated that reputation systems are important (albeit out of scope for this group), so why not let them address this problem as well?
> Sender beware. If it were to become common practice to overlay or > remove the DKIM signature upon delivery... The ONLY time one removes a signature is when one breaks it. Eliot _______________________________________________ ietf-dkim mailing list http://dkim.org
