On Mon, Jun 12, 2023 at 06:45:37PM +0200, Alessandro Vesely via Gnupg-users wrote: > > What the list-software would need to do is to strip the original DKIM > > signature > > Why? Original signatures can often be recovered. They shouldn't be removed > anyway.
If list-software is doing something to make the DKIM signature no longer verify, it must remove the DKIM signature or rewrite the From: header to change alignment. > > or to not modify the message (at least not the designated header lines, > > and the body). More info here: > > https://begriffs.com/posts/2018-09-18-dmarc-mailing-list.html > > > Omitting subject tag and footer seems to me to be worse than From: munging. No it isn't. Changing the subject and adding the footer is a damaging anti-pattern from mid-nineties. If the end-user wants to filter mail, they can do it based on the List-Id header or any other criteria. Lists that still do this in 2023 need to be updated to no longer do this. > I'd definitely recommend ARC, not the conceptual Mailman 3 version. > However, most receivers are not yet prepared to accept it. ARC is just adding more things to the chain that you must explicitly trust. It's basically an assurance from the remailer that "oh, btw, I checked this message and its DKIM was good, trust me." It's useful for the huge mail providers like Yahoo/Gmail/Outlook, but standing up your own ARC-signing infrastructure is largely just wasting cycles. -K _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users
