On 11/24/2015 07:55 PM, Tom Lane wrote:
[snip]
The clearly critical thing, though, is that when forwarding a message from
a person at a DMARC-using domain, we would have to replace the From: line
with something @postgresql.org. This is what gets it out from under the
original domain's DMARC policy.
One possibility that comes to mind:
- Remove the sender's DMARC headers+signature **after thoroughly
checking it** (to minimize the amount of UBE/UCE/junk going in)
- Replace the sender's (i.e. 'From:' header) with
list-sender+munched-em...@postgresql.org (VERP-ified address)
- Add the required headers, footers, change the subject line, etc
- DKIM-sign the resulting message with postgresql.org's keys before
sending it
[snip]
If Rudy's right that Gmail is likely to start using p=reject DMARC policy,
we are going to have to do something about this before that; we have too
many people on gmail. I'm not exactly in love with replacing From:
headers but there may be little alternative. We could do something like
From: Persons Real Name <nob...@postgresql.org>
Reply-To: ...
so that at least the person's name would still be readable in MUA
displays.
Yup
We'd have to figure out whether we want the Reply-To: to be the original
author or the list; as I recall, neither of those are fully satisfactory.
Or just strip it, though that trump the sender's explicit preference
(expressed by setting the header)
I might be able to help a bit with implementation if needed.
/ J.L.
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
