[ this is well trodden ground, so I will try and keep this short ]
Agreed, but the fact that it's a mailing list that is doing this
isn't significant. It could be any intermediary that is willing to
take responsibility for the message by signing it. Their reputation
now becomes a factor in the disposition of the message.
Right. As JD and others have often pointed out, mailing lists should
sign their mail like anyone else, and recipients handle it based on
the list's reputation. If we're going to encourage list operators to
change their software to deal with DKIM, sensible changes would help
them be sure that unwanted mail doesn't leak onto the list, perhaps
using DKIM and ancillary reputation systems. That will help all
subscribers getting mail from the list, whether they use DKIM or not.
A few milliseconds of thought should reveal that a scheme that allowed
a list to assert that incoming mail was signed would instantly be
abused by spammers who would start sending from "lists" that claimed
to be passing through signed mail from domains with good reputations.
You'd have to decide whether you trust the list, and if you're going
to do that anyway, just deliver the mail from people you trust like
you do for any other mail and you're done.
R's,
John
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html