On Fri, 2018-07-20 at 16:20 -0700, Autumn Tyr-Salvia wrote:
> What I'm thinking is that the situation might improve if they can stop
> signing the reply-to: and possibly even the to: and cc: headers. Am I on
> the right track? Any other recommendations?

While minimal header signing might get around basic forwarding mechanisms, mailing lists more than often modify the body of messages too (adding a listinfo URL etc).

Personally, where a client is mandated to support strict DMARC, I'd approach it more as a communications challenge as opposed to a technical problem. The researchers and (more importantly) the list operators need to be made aware that the security posture of the client is changing and that they'll need to adapt to that.

Most mailing list software can support breaking DMARC by rewriting the From in some manner. It just needs to be enabled.

Perhaps you could explore getting the MTA to add a signature to outbound mails going to researchers informing them of the impending changes etc.?

I think where DMARC is required to be strict by policy, trying to dilute it to accommodate every use case is a bad idea.

Ken.
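
Added example, not part of the original post: a sketch of why trimming the signed header list does not help once a list appends a footer. The DKIM body hash (`bh=`) covers the body regardless of which headers are signed, so relaxed canonicalization (RFC 6376 section 3.4.4) tolerates whitespace changes but not added text. The message bodies and list name below are constructed, and the sketch assumes a sha256 signature without the `l=` body-length tag.

```python
import base64
import hashlib
import re


def relaxed_body(body: bytes) -> bytes:
    """RFC 6376 section 3.4.4 'relaxed' body canonicalization."""
    out = []
    for line in re.split(rb"\r?\n", body):
        line = re.sub(rb"[ \t]+", b" ", line)  # collapse runs of WSP to one SP
        out.append(line.rstrip(b" "))          # ignore WSP at end of line
    while out and out[-1] == b"":              # ignore empty lines at end of body
        out.pop()
    return b"".join(line + b"\r\n" for line in out)


def body_hash(body: bytes) -> str:
    """Base64 SHA-256 of the canonicalized body, as carried in the bh= tag."""
    digest = hashlib.sha256(relaxed_body(body)).digest()
    return base64.b64encode(digest).decode("ascii")


def bh_still_matches(signed_body: bytes, delivered_body: bytes) -> bool:
    """True if a verifier recomputing bh= on the delivered body gets the signed value."""
    return body_hash(signed_body) == body_hash(delivered_body)


# Constructed sample bodies (not taken from any real message).
ORIGINAL = b"Results attached.\r\n\r\nRegards,\r\nA researcher\r\n"
# A relay that only touches whitespace: extra spaces and trailing blank lines.
WHITESPACE_ONLY = b"Results  attached. \r\n\r\nRegards,\r\nA researcher\r\n\r\n\r\n"
# A mailing list that appends a footer (hypothetical list name and URL).
WITH_FOOTER = ORIGINAL + (
    b"_______________________________________________\r\n"
    b"example-list mailing list\r\n"
    b"https://lists.example.org/listinfo/example-list\r\n"
)

if __name__ == "__main__":
    print("signed bh=            ", body_hash(ORIGINAL))
    print("whitespace-only relay:", bh_still_matches(ORIGINAL, WHITESPACE_ONLY))
    print("list footer appended: ", bh_still_matches(ORIGINAL, WITH_FOOTER))
```
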