>> I believe it. Are you saying the list managers make no effort to keep >> the spam out of their lists? > > No, but I don't think it's their job. As the site manager, that's my job in > general. What the list managers can add is access controls, and > authentication helps to improve the utility of such controls.
Oh, we agree there, I wasn't distinguishing between the list and site manager, since at small sites they're often the same person. >> contributors, but DKIM doesn't help there since DKIM most definitely >> never says that the From: address is "real". > > "real"? A signature from the sender domain at least says that if it's not > real, that's the responsibility of the sender domain owner, doesn't it? No, all it says is "we signed this mail." A signer with a good reputation will presumably rarely sign mail where the From: address actively misidentifies the sender, but that's a second order effect. > the end recipient may have a very different view of the reputation of > the sender than does the list. Or, it may wish to use the message > content to modify its reputation score for the sender. Once again, this sounds like a solution searching for a problem. I've done the occasional bozofiltering in mailing lists, but because the people were bozos, not spammers. >> If you want strong sender authentication, we already have S/MIME, and I >> wouldn't be surprised if there were list software that could use it. R's, John _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
