Maybe you did not understand my message. I know what you say. However:
I see a message from a list as a message-from-a-list, not as a forwarded-message-from-a-list-user. Because: How can a user authorize someone to send a message on behalf of his/her name (by sending an email)? This should not ever happen. Example: A bank sends me an email which was authorized (in some way). I now forward this message. The message is genuinely not modified. But it still does not authorize me to send this email pretending to be the bank, even if it is the same message. Conclusion: If an email was sent by me, it should be authorized/authenticated by me.
For mailing lists you might want to indicate that the message can be interpreted as being forwarded for a specific user. In that way the user-interface of the email client can reply to a user directly instead of the mailing list. If that is what one wants.
David Hofstee
Deliverability Management
MailPlus B.V. Netherlands (ESP)
-----Original Message-----
From: John Levine [mailto:johnl@taugh.com]
Sent: Monday, March 31, 2014 4:47 PM
To: mailop(a)mailop.org
CC: David Hofstee
Subject: Re: [mailop] IPv6 DNSBL
>I don't see how forwarding should break authentication.
This is SPF's famous limitation. It's been debated to death, no need to rerun the argument again.
DKIM survives normal forwarding, which was one of its design goals, but mailing lists typically modify the message by adding subject tags or message footers, stripping attachments, and the like, which breaks the incoming signature. That's been debated to death, too.
It always seemed to me that lists should sign their mail, publish SPF for the list's bounce addresses, and recipients would use the list's reputation to filter. Some people apparently have a security model I don't understand that evaluates the spamminess of list messages by the presence of signatures from the individual contributors.
R's,
John
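
Added example, not part of the original thread: a sketch of why a DKIM signature survives a relay that leaves the body alone but fails once a list appends a footer, using the "relaxed" body canonicalization and SHA-256 body hash (the bh= tag) from RFC 6376. The message bodies and the footer text are constructed sample data, and only the body hash is modelled, not the header signature.

```python
import base64
import hashlib
import re


def relaxed_body(body: bytes) -> bytes:
    """RFC 6376 section 3.4.4 'relaxed' body canonicalization (CRLF input)."""
    lines = []
    for line in body.split(b"\r\n"):
        line = re.sub(rb"[ \t]+", b" ", line)   # collapse runs of whitespace
        lines.append(line.rstrip(b" "))         # drop whitespace at line end
    while lines and lines[-1] == b"":           # drop empty lines at body end
        lines.pop()
    return b"\r\n".join(lines) + b"\r\n" if lines else b""


def body_hash(body: bytes) -> str:
    """Value a signer would place in bh= for c=.../relaxed, a=rsa-sha256."""
    digest = hashlib.sha256(relaxed_body(body)).digest()
    return base64.b64encode(digest).decode("ascii")


def body_still_verifies(signed_bh: str, received_body: bytes) -> bool:
    """A verifier recomputes the hash over what it received and compares."""
    return body_hash(received_body) == signed_bh


# Constructed sample bodies.
ORIGINAL = b"Hello list,\r\n\r\nIs anyone seeing deferrals today?\r\n"
# Relay that only disturbed trailing whitespace and blank lines.
RELAYED = b"Hello list,  \r\n\r\nIs anyone seeing deferrals today?\r\n\r\n"
# Mailing list that appended a footer (constructed footer text).
LIST_COPY = ORIGINAL + b"-- \r\nexample-list mailing list\r\n"

if __name__ == "__main__":
    signed = body_hash(ORIGINAL)
    print("bh at signing time:", signed)
    print("after plain relay :", body_still_verifies(signed, RELAYED))
    print("after list footer :", body_still_verifies(signed, LIST_COPY))
```

A list that re-signs the modified message with its own domain, as suggested above, gives recipients a signature that verifies against what they actually received.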