OAuth just avoids the need to ask the user directly for her password. Once you have access to the subscriber's submit server, you can run the decorated message through it to get the mail providers's signature, then remail that.
This is potentially a lot of remailing, though. Somebody who has been posting twice a day to a mailing list with 1000 subscribers suddenly goes from 10 outgoing messages a day to 2008.
No, he goes from two to four. He sends the first original message to the list (1) which adds subject tags and footers or whatever, then uses OAuth to resend it back to the list to get a new DKIM signature (2), and the list then remails that to the thousand subscribers. He sends the second message (3) which is treated the same way (4).
If you have the list set to customize the message per recipient, this hack doesn't work. Do you have any idea how many lists do that?
Regards, John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY Please consider the environment before reading this e-mail.