Lindsay Haisley writes:
A nice fix, albeit probably total pie-in-the-sky, would be the establishment of a MIME Content-Type: multipart/list-post, a variation on (or extension of) mulpart/mixed. MUAs SHOULD (in the RFC 2119 sense) effectively hide the outermost enclosing MIME envelope with this Content-Type and present the contents according to rules that would apply were the enclosing MIME envelope not there. As far as the mail system is concerned, the headers on the envelope are the effective ones. As far as the MUA is concerned, for presentation purposes, the envelope content is what counts.
The problem is that the DMARC people don't give a damn about the mail system (and the PHBs behind the actions at Yahoo and AOL could care less in both senses, apparently). They're entirely concerned with presentation.
And the technicians who designed DMARC are *right* to be concerned about presentation, because it is presentation that the crooks use to hook their prey. In other words, if we come up with a way to present mail that doesn't bear their signature[1] "as if" it came straight from one of their domains, that can be abused by the crooks.
When (not if!) that abuse happens, the forces behind DMARC will come back and say "Ooooohhhh no! You can't do THAT!" And they (the PHBs, I mean) will break the system again ... and again ... and again.
So, unfortunately, I think there is *no* fix based on presentation. The only real fix is users who are sophisticated enough to avoid spammers, which can't be perfect (some people just aren't, and everybody slips occasionally), but can certainly be enhanced by better filters.
Well, there's that other fix, the one that involves lists as we love them joining the dinosaurs. :-(
All-hail-Dave-Hayes-and-the-AI-newsreader!-ly y'rs,
Footnotes: [1] Any list that isn't a pure address exploder will be unable to maintain the signature.