Harald points out some significant issues with pre-existing software.
I dispute his conclusion that a failed signature means that the message will
be thrown in the trash. Most filters (and certainly any compliant with the
criteria being discussed) would quarantine mail with a failed S/MIME
signature rather than discard.
The second point I would make is that the mailing list software is not
immutable. In fact mailing list software is likely to be rapidly upgraded to
support anti-spam filters very quickly since the manual anti-spam moderation
is a significant burden on the list admin.
The problem of broken, obsolete MUAs that do not support S/MIME cannot be
allowed to represent a veto. They have had plenty of time to upgrade, there
are plenty of free MUAs that work. I have a lot of time for deployment
problems when the people with the problem are not technologically
sophisticated and the only solutions are geekware. I have no time at all for
so-called technologists who refuse to eat their own dog food.
That said, yep, non-MIME based signatures may well be necessary. But this is
because the authentication model is diferent. We ae not authenticating at
the user level, we are authenticating at the domain level. Nobody is going
to block individual users of hotmail as spam senders, it is hotmail's job to
make sure that their customer's behave.
Phill