The issue here isn't reputation (although this may come up in that
context, too); the issue is whether a given signature is interpreted as
an Originator Signature or not by SSP.
Seems to me that any algorithm more complex than comparing the From:
domain to the signing domain will die in the Swamp of Unforseen and
Unmanageable Complexity. If you mean something different when you sign
list mail than when you sign individual mail, use a different signing
domain. As Jon reminded us, the semantic granularity of DKIM is domains,
not mailboxes.
i= Identity of the user or agent (e.g., a mailing list manager)
Although 4871 doesn't specify any semantics associated with the
local-part of i=, if it had been intended to be an opaque token, it
would have been worded differently.
Now wait a minute. I don't see the word "mailbox" or "address" there, I
see the carefully neutral term "identity". The following text says that
it has the syntax of a mailbox, not the semantics of a mailbox.
It's a cookie, just like the cookie that the late lamented RFC 1413 IDENT
returns. In many cases those cookies may happen to match mailbox names,
but in just as many cases they don't, and it's poor design to assume that
they do. See the informative discussion two paragraphs later.
Regards,
John Levine, johnl(_at_)iecc(_dot_)com, Primary Perpetrator of "The Internet for
Dummies",
Information Superhighwayman wanna-be, http://www.johnlevine.com, ex-Mayor
"More Wiener schnitzel, please", said Tom, revealingly.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html