I believe it. Are you saying the list managers make no effort to keep
the spam out of their lists?
No, but I don't think it's their job. As the site manager, that's my job in
general. What the list managers can add is access controls, and
authentication helps to improve the utility of such controls.
Oh, we agree there, I wasn't distinguishing between the list and site
manager, since at small sites they're often the same person.
contributors, but DKIM doesn't help there since DKIM most definitely
never says that the From: address is "real".
"real"? A signature from the sender domain at least says that if it's not
real, that's the responsibility of the sender domain owner, doesn't it?
No, all it says is "we signed this mail." A signer with a good reputation
will presumably rarely sign mail where the From: address actively
misidentifies the sender, but that's a second order effect.
the end recipient may have a very different view of the reputation of
the sender than does the list. Or, it may wish to use the message
content to modify its reputation score for the sender.
Once again, this sounds like a solution searching for a problem. I've
done the occasional bozofiltering in mailing lists, but because the people
were bozos, not spammers.
If you want strong sender authentication, we already have S/MIME, and I
wouldn't be surprised if there were list software that could use it.
NOTE WELL: This list operates according to