On Mon, Oct 23, 2023 at 07:23:23PM +0200, Markus Reschke via Exim-users wrote:
> When you check out the h tag of the DKIM signature header of the > large email services you'll see that they usually have only a few > signed headers (less processing load) and some oversign specific > headers. E.g. gmail seems to oversign > from:to:cc:subject:date:message-id:reply-to, and Yahoo > From:Subject:Reply-To. Based on the DKIM RFCs and the current > reality I'd say that exim's default for dkim_sign_headers is simply > overkill and we should add a bunch of '=' prefixes, maybe a few '+' > for essential headers. I have been thinking about this all day, with increasing hopelessness :-( Is there even a "best practice" for mailing lists, what they do with incoming DKIM signatures? I see that this list removes them, and it really has no choice because it modifies the From header (and maybe the Subject too, although I won't know about it because I hide it in my MUA). But the postgres list must keep them, if they were a problem in my messages. As it is now, I'm inclined to just stop signing messages to lists. -- Ian -- ## subscription configuration (requires account): ## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/ ## unsubscribe (doesn't require an account): ## exim-users-unsubscr...@lists.exim.org ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
