On 20/04/19 2:50 PM, Richard Damon wrote:
> If you look at the background behind DKIM, one of the major impetuses
> was protecting transactional emails, and protection from attacks like
> phishing. For these sorts of emails, that stricter protection makes
> sense. These sorts of emails also aren't sent through mailing lists.
>
> Effectively, if you decide to use DKIM to protect your domain's outgoing
> email, then you really need to tell your users about the issue with
> mailing lists, as the choice to use DKIM basically says that most
> mailing lists should be off limits to your users, as it is very common
> for mailing lists to break the DKIM signature, so it really is YOUR
> problem to adjust your DKIM settings and Authorized Usage Policy to make
> your system work for your users. I have to regularly tell users of a
> mailing list that I run that the reason the list removes their email
> address out of the From: field is that they are using a broken email
> system that isn't compatible with the use of mailing lists.
>
> Note also, these RFCs are just Standards Track, which says that they are
> not yet 'full standards' but still evolving, and I believe that one of
> the issues that needs to be worked out is to figure out how to improve
> their interoperability for general emails with traditional mailing lists.
I'm not disagreeing with any of this. It simply boils down to that when
a current RFC recommends a certain practice you shouldn't be surprised
that people will follow that recommendation. What then follows is that
people who use Google, Microsoft or other major ESPs that enforce DMARC
will end up either not getting a large portion of messages sent to the
list, or have to hunt through Spam to find them. At the end of the day
this means that the practical implications of this are problematic at best.

It means that I also take issue when Wietse says that the mailing list
is DKIM compliant, because clearly that statement is based on the DKIM
signature not including certain headers that the mailing list alters.
What might be more accurate is to say that the mailing list is DKIM
compliant just as long as the DKIM signature doesn't include certain
headers, some of which are actually recommended to be included by the
relevant RFCs. When looked at in that light it becomes more clear that
the DKIM compliance of the mailing list is spotty at best.
Peter