I would agree with you that valid signatures still require help in the
area of positive reputations. But IMO, failure detection provided
with DKIM+POLICY is where you don't really need reputation.
Just consider reputation is already widely in practice in many forms.
Many believe that good signatures will not trump a bad rap and vice
a versa, bad signatures will not trump a good rap. So whats the rule
here? Does reputation trump DKIM/POLICY? Is it don't by weights? Or
some does certified trusted service govern who is good or bad?
Whether or not you should apply someone's policy declarations is more of
a function of their class than their reputation. You can't assume that
'significant' is the same thing as 'reputable'.
If I think social networks have a reasonable use case for policy
declaration, then it doesn't really matter how heavily one is abused
versus another. I'm going to apply both their policies regardless.
We'll never get anywhere if we keep dragging 'good' and 'bad' into it.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html