On Wed, Nov 25, 2015 at 6:55 PM, Tom Lane <t...@sss.pgh.pa.us> wrote: > > But my point was that while the RFC says what to put there there's > > absolutely no reference anywhere for when the information should cause > > any MUA or MTA to behave differently. > > Agreed. To my mind that's a reason why Sender should not be DKIM-signed. > Unfortunately, RFC 6376 explicitly suggests doing so ... and it looks like > some people are taking that advice.
Hm, I see it as a reason why signing Sender is reasonable. If it were a functional header then there might be a reason it would have to be changed. But if it's purely informational and the receiving MUA is going to display to the user (which is a bad idea imho but Gmail and Exchange both do it) then it makes sense to expect some authentication for it. I think the thinking is basically "sign everything we're going to present to the user phishers can't claim to be someone they're not". In which case it's fairly important that things like Sender be signed. Or that everyone agree it's just a useless header and stop sending or displaying it. I don't think we should base any action on guesses of what Gmail does. Google may do something we don't expect that's more complex to work around the problem. For one thing you can have email addresses at Google from a number of domains so they may well be able to have more than one policy for different users. I would suggest we stop doing things that are obviously incompatible with DKIM -- header and body munging for example. And I suspect we can stop touching Sender without any ill effects too. One idea might be to add a script to check a user's domain for p=reject and send them a warning when subscribing (or sending mail to the list?) warning them of the problem. -- greg -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
