>Let's say I route all traffic from list X to its own separate >mailbox, but I also want my MUA to flag for special attention mail >sent to that list by people I hold in high regard, for example, and I >want that to be based on their accumulated reputations. I either >have to base that on something forgeable like From:, or on something >reliable like "d=". That doesn't seem magical to me.
In my experience, if a mailing list is worth delivering at all, the addresses on the From: line are plenty reliable for bozo or anti-bozo filtering, and don't require an extra magic step to decide whether the signature is sufficiently related to the author's address. A plan that expects every contributor to have a separate d= reputation domain seems pretty unlikely to work outside the lab. Maybe I'm not not imaginative enough, but all the scenarios for recipients using contributor signatures are either things we are doing already without signatures, or things that nobody has shown any interest in doing in the past several decades even though there were other ways to do them. I can think of some reasonable uses for contributor signatures at the MLM, e.g., skip the verification step for adds or removes if enough previous requests from the same signer were confirmed. But not for passing them through to the recipients. As I've said, I'm not opposed to experiments so long as they don't involve breaking things that work now. So adding a signed A-R is fine, removing signature tags and headers and footers is not. R's, John _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
