In article <alpine.LRH.2.01.1409142034180.30233@xxxxxxxxxxxxxxx> you write: > >It seems to me that the wrapped original mail could be signed by the >forwarding list processor so that the DMARC recipient would accept the >forwarded mail as coming from the forwarder and the ultimate MUA would >be able to verify that the wrapped messaged was indeed wrapped by the >forwarding list processor and transparently unwrap the original >email. Well, yes, but you don't need to wrap mail to re-sign it. By design, any host that relays a message can add a DKIM signature. Well run mailing lists sign mail now. Look at any IETF list mail for an example. The problem with wrapped mail is basically a UI problem, and the IETF has a long history of knowing less than nothing about UI (as in, much of what we think we know is wrong.) Anything a list can do to wrap mail, a bad guy can do, too. Work out a few scenarios and you'll find that wrapping isn't very attractive as a long term solution to anything. R's, John