"Thomas A. Fine" <[EMAIL PROTECTED]> writes: > So if the only way a domain can set a policy that permits* recipients > to drop unsigned or broken mail is to set a policy that it will > not use non-compliant mailing lists, then this is doomed to failure,
Maybe one solution to the mailing list problem would be to approach from a different angle.

Would it be possible, for verification etc. purposes, to consider mailing list traffic to have come from the mailing list, not the person who submitted to the list? So, taking this list as an example, the checking, reputation etc. would be done on '[email protected]', not on the individual submitters.

As far as phishing is concerned, by their very nature the type of messages which phishers spoof would not legitimately be sent via a mailing list[1] to which the recipient has subscribed. Therefore receipt of any such messages via a mailing list should automatically be suspect without needing DKIM (or other checks) on the submitter.

[1] Unless it is an 'announce' type list run by the actual organisation, in which case verifying that it genuinely came from the mailing list should give just as much confidence and trust as verifying the RFC2821/2 entities.

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
