Dave Crocker wrote:
They don't. They need to be part of the larger
ecosystem here, and they certainly do not have a god-given
right to preserve the From: address and completely change
the content with complete impugnity.
Well, pretty much, they do.
Absent violations of an Internet standard, a mailing list's software may
make whatever changes the operator of the mailing wants or is willing to
tolerate.
With DKIM, they will be in "violation" of an Internet standard insofar
as they corrupt a legitimately signed piece of email, and preserve the
From: address. To a receiver, there is absolutely no difference
between that case and the case that we'd like to guard against,
namely spoofing of From: addresses.
Mailing list software and their operators are perfectly at liberty
to stick their head in the sand, but I'm perfectly at liberty as
a receiver to treat mailing list email the same way that I treat
other likely forgeries. As it turns out, "I" being somebody who
lives and dies by mailing lists don't want to see that happen,
but "I" as the great unwashed masses of email operators could
probably care the least about the microscopic amount of list
traffic if DKIM adoption me a better user experience on the
fraud/phishing front.
The object here is to reach an accommodation between these
two competing needs.
I think that you think we are in a negotiation with the mailing list
community.
"Negotiation" and "community" are your words, not mine.
Mike
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html