There's a scenario where a spammer/phisher sets up a mailing list,
adds a bunch of addresses to the list and then sends a message with a
paypal.com From: address through the list. The DKIM signature will
obviously be invalid, but an MTA/spam filter won't be able to decide
whether this is because the message didn't really come from Paypal,
or because it did but the mailing list broke it.

I don't see how this poses any new problems.
If you believe in ADSP or manual drop lists, you drop the message
because it's from paypal.com and it's unsigned. I think we can expect
that we won't see any real paypal.com mail coming through lists.
Otherwise, it's just spam. Does anyone treat List-ID: or other list
headers as a not-spam indicator unless it's from a list that you have
reason to think has local subscribers? I certainly don't.
R's,
John
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html