The basic problem is that mailing lists are for all intents and
purposes forging content when they don't change the From address but
insist on adding trailers and subject line changes, blah, blah,
blah.
I don't find "forging" to be a useful description of what mailing
lists do. It's true, they send mail from someplace other than the
normal place associated with the From: address, but that's no more
forgery than my sending a postcard on vacation with my normal return
address but funny foreign stamps and postmarks. It's also not the
only situation where a third party sends legitimate mail on someone's
behalf, with another familiar example being the mail-an-article
feature on newspaper sites.
I have several hundred small business users that receive mail
addressed to their various company domains hosted here. Although I
provide outbound SMTP relay service, maybe half use it and the other
half just send through their own ISP accounts, so mail for those
domains goes out through Road Runner, Verizon, and a dozen other
little ISPs you never heard of. Would a DKIM signature match the
From: address? Not likely, it's all they can do to get their POP
accounts set up, so their ISPs will sign it. But it's not forged.
Our lives would be simpler if everyone would mail only in ways that
matched our favorite simple security model, but disparaging real mail
sent in inconvenient ways as "forging" isn't going to make that
happen.
R's,
John
_______________________________________________
ietf-dkim mailing list
http://dkim.org