Perhaps this is just from hanging around on the Debian project, but for "official" notices, I got used to the standard practice of them being cryptographically signed using gnupg (http://www.gnupg.org).
Cryptographic signing serves two purposes: so that it was possible to verify that they were:
a) from who they claimed to be from b) that they had approved the message.
Would it be feasible for Wikimedia to adopt the same process?
wikipedia-l@lists.wikimedia.org