[ this is well trodden ground, so I will try and keep this short ] >Agreed, but the fact that it's a mailing list that is doing this >isn't significant. It could be any intermediary that is willing to >take responsibility for the message by signing it. Their reputation >now becomes a factor in the disposition of the message.
Right. As JD and others have often pointed out, mailing lists should sign their mail like anyone else, and recipients handle it based on the list's reputation. If we're going to encourage list operators to change their software to deal with DKIM, sensible changes would help them be sure that unwanted mail doesn't leak onto the list, perhaps using DKIM and ancillary reputation systems. That will help all subscribers getting mail from the list, whether they use DKIM or not. A few milliseconds of thought should reveal that a scheme that allowed a list to assert that incoming mail was signed would instantly be abused by spammers who would start sending from "lists" that claimed to be passing through signed mail from domains with good reputations. You'd have to decide whether you trust the list, and if you're going to do that anyway, just deliver the mail from people you trust like you do for any other mail and you're done. R's, John _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
