Ugh, list-unsubscribe headers are required to be removed by mailing lists. Well, I guess technically only if they're sublists, but that's a distinction I bet most don't make.
Though, the chances of a message passing dkim through a mailing list are practically non-existent anyways. And marketing mail to a mailing list shouldn't happen, except maybe where the mailing list is basically an alias.

Anyways, from, subject, msgid, date, to, cc. Basically, what identifies the message and what the user put in the headers. Technically not including content-type may let you do some wacky things, but I had a hard time coming up with a real world scenario for that.

I'm sure if it eventually came down to some signers not including the right fields and others taking advantage, receivers would have to start only using signatures that covered some minimum set, kind of like how 512 bit keys were ignored even before the recent dkim rfc revision.

Brandon

On Thu, Jul 19, 2018, 10:38 PM Benjamin BILLON <bbil...@splio.com> wrote:

> Maybe it's not a coincidence, but Steve Atkins just made a post about
> that: https://wordtothewise.com/2018/07/minimal-dmarc/
>
> I would tend to say that the more headers are included in the signature,
> the "safer" it gets (any change would be suspicious), but this is
> challengeable and it makes sense to look a bit closer at the detail of each
> header individually.
>
> Some headers might be required to be added, such as X-CSA-Complaints and
> List-Unsubscribe, for CSA members:
> https://certified-senders.org/wp-content/uploads/2017/07/CSA_Admission_Criteria.pdf
> .
>
> --
>
> *Benjamin*
>
> *From:* mailop <mailop-boun...@mailop.org> *On Behalf Of *Autumn
> Tyr-Salvia
> *Sent:* Friday, 20 July, 2018 07:18
> *To:* Mailop <mailop@mailop.org>
> *Subject:* [mailop] DKIM headers - which do you sign and why?
>
> Hello Email Folks,
>
> I work at Agari, where I guide large organizations through the process of
> getting their email to pass DMARC. I have lately had some customers with
> greater-than-usual issues relating to aligned authenticated messages that
> get forwarded, where the forwarding system is changing headers to the point
> that they break DKIM, and thus the messages fail and get rejected. The
> messages they're having trouble with are being sent from servers under
> their own control (and not third party vendors), and I have a sneaking
> suspicion that the issue is related to the specific headers they have
> chosen to sign.
>
> I know signing the From: field is required by spec, but I think everything
> else is technically optional. For those of you who have been in the
> position of choosing which headers to sign and which not to, would you be
> open to sharing your reasoning with me? Any words of wisdom around headers
> they really should or should not sign?
>
> Insight much appreciated!
>
> Thanks,
>
> Autumn Tyr-Salvia
>
> tyrsalvia@gmail
>
> atyrsalvia@agari
> _______________________________________________
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
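An added example, not part of the thread or any poster's code: a Python sketch for diagnosing the forwarding breakage discussed above. It reads the `h=` tag of a message's DKIM-Signature, lists which signed headers differ in a forwarded copy, and reports which headers of the minimum set named in the reply are left unsigned. It compares relaxed-canonicalized header values rather than verifying the cryptographic signature, and the messages, domains, selector and `PLACEHOLDER` tag values are constructed.

```python
import re
from email import message_from_string

# The set named in the reply above; "msgid" is read here as Message-ID (assumption).
MINIMUM = ["from", "subject", "message-id", "date", "to", "cc"]

def signed_headers(msg):
    """Lower-cased header names from the h= tag of the first DKIM-Signature."""
    sig = re.sub(r"\s+", "", msg["DKIM-Signature"] or "")
    tags = dict(t.split("=", 1) for t in sig.split(";") if "=" in t)
    return [n.lower() for n in tags.get("h", "").split(":") if n]

def relaxed(value):
    """Relaxed header canonicalization of a value: unfold and collapse whitespace."""
    return re.sub(r"\s+", " ", value).strip()

def pick(msg, names):
    """Select instances as a verifier does: per name in h=, bottom-up, one per mention."""
    pools, out = {}, []
    for n in names:
        pool = pools.setdefault(n, list(msg.get_all(n, [])))
        out.append(relaxed(pool.pop()) if pool else None)  # None: header absent
    return out

def diagnose(original, forwarded):
    """Report signed headers a forwarder altered and minimum-set headers left unsigned."""
    orig, fwd = message_from_string(original), message_from_string(forwarded)
    names = signed_headers(orig)
    pairs = zip(names, pick(orig, names), pick(fwd, names))
    return {
        "signed": names,
        "broken_by_forwarder": [n for n, a, b in pairs if a != b],
        "unsigned_minimum": [n for n in MINIMUM if n not in names],
    }

# Constructed sample: a signed message, then the same message after a list rewrote it.
ORIGINAL = """\
DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel1; c=relaxed/relaxed;
 h=from:to:subject:date:message-id:list-unsubscribe; bh=PLACEHOLDER; b=PLACEHOLDER
From: News <news@example.com>
To: list@example.org
Subject: July update
Date: Thu, 19 Jul 2018 22:38:00 -0700
Message-ID: <1@example.com>
List-Unsubscribe: <mailto:unsub@example.com>
"""
FORWARDED = (ORIGINAL.replace("Subject: July", "Subject: [list] July")
             .replace("unsub@example.com", "list-leave@example.org"))
print(diagnose(ORIGINAL, FORWARDED))
```

Run against a sent message and the copy a recipient received, the `broken_by_forwarder` list shows which entries in `h=` are the ones the forwarding system touches.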