On Tue, Nov 4, 2025 at 11:12 AM Nicolas George via ffmpeg-devel <[email protected]> wrote: > Any service that alters a mail while forwarding it, like a mailing-list > adding “[ffmpeg-devel]” in the subject line, will break the signature. > What they are expected to do is to add a signature of their own, from > their own domain, and possibly a signature telling that it checked the > original DKIM signature and it passed.
The headers that are signed for DKIM can be configured. It is not recommended, but if needed you can remove Subject from the list of signed headers. I don't know how you have it set up, but with OpenDKIM adding a line like "OmitHeaders *,+subject" to the configuration file should do it. If there are any other headers that mailman(?) modifies, they also need to be added in order to pass DKIM. > What I deduce from all this is that we cannot hope to keep > “From: [email protected]” in the mails sent from our > mailing-lists: it will only work if their-domain.org has SPF and DMARC > policies lax enough, and these will vanish. The new scheme where the > header from is replaced with the address of the mailing-list seems > unavoidable. I had a similar situation at $dayjob where we wanted the From to have the user's email but the mail to be sent from our server. The solution I found was to include a Sender header after the From, in this case it should probably be "Sender: [email protected]". This should cause the SPF lookup to happen to ffmpeg.org instead of their-domain.org. Note that if the From is already [email protected] then you should not add a Sender header, according to RFC 5322. Regards, Pavel Roslyy _______________________________________________ ffmpeg-devel mailing list -- [email protected] To unsubscribe send an email to [email protected]
