> If I send an email to a mailing list, it shouldn't be passed off as mine when forwarded.
I think it's actually the exact opposite, it should be possible to keep origin information intact. This lets everyone verify that it's "x through mailing list y" instead of "mailing list y saying it was x". It's a massive difference and lets the mailing list operate separate from the reputation of the content (from some other domain).
> Moreover, internal forwarders for things like spam filtering and virus scanning and corporate domain forests are internal infrastructure problems that shouldn't be treated as something which the sender has to prepare for.
And it isn't. But wanting it to be more difficult is simply not viable.
With DKIM2 coming, that kind-of combines DKIM and ARC, SPF will become even more useless and a hindrance. And signatures will be much more resilient to forwarding even with (some) modifications. This is what the industry wants, not the opposite.
> Maybe that's too idealistic, but it's not like I'm dying on the hill that we should have rolled out global S/MIME!
S/MIME is being revived as well right now. So who knows how it'll go, maybe that's an another thing we'll be getting.
> As regards DKIM and length extension, I'm not aware of any way to force it off.
Just don't use the length tag, then it's off.
What I mean is, I cannot set a policy that emails with DKIM signatures that allow length extension should not be trusted.
That's up to your MTA though. I know Stalwart has an option for it for example, but there are others.
Thinking about it, I guess you're right. While I'd like some way to say "never trust a DKIM signature claiming to be from me if it allows extension", the reality is that the only way for somebody to get their hands on such a message is if my MTA produced one in the first place.