ietf-mailsig

RE: Replay attacks and ISP business models

2005-08-07 09:19:50

> Every description of a "replay attack" is also a description
> of a mailing list. Anything that stops mail delivered by
> "replay attacks" will also stop mail delivered by mailing
> lists. The only difference between the two is mental state.
> If we think it's spam, it's a replay attack; if we think it's
> good mail, it's a mailing list.

Not quite, a mailing list can re-sign the message if it is DKIM capable.

I think that we need to look at the problem naked DKIM solves as being
an adjunct to a spam filtering mechanism that is adaptive. This is a
major culture shock for the security area since we usually try to design
systems that are complete and address every anticipated attack.

This is not what people who are in the spam control business are looking
for; they already have systems that solve 90% of spam problems and they
want to add authentication because it shuts down many of the tactics
used in the remaining 10%.

But DKIM is being presented as a security solution for ubiquitous
deployment.

That means that it has to provide value to the wider community of users,
beyond simply allowing people to send their messages to big ISPs.

We could spend time trying to argue down this criterion but it is much
quicker and easier to meet it.
