* Peter: > Granted in this particular case, and given what Sender is for, it > probably shouldn't be signed if it's not present, but the RFC does not > make that explicitly clear, and I would not hold someone at fault for > signing the Sender header based on what that RFC says.
Signing a non-existing (!) header. Right. Mind if I watch? :-) The Postfix mailing list is one of the few that does not rewrite message subjects or bodies, giving existing DKIM signatures at least a fighting chance. If somebody insists on adding a Sender header and including it in the signature before posting to this mailing list, that's his/her problem. Speaking of which: > At the end of the day, messages from this list are ending up in > people's Spam folder, or are not being delivered at all. DKIM signature mismatches can add just a little or a lot to a spam score. The scores can be offset by taking other headers like List-Id into account. The recipient therefore has a choice about how a given incoming message is processed. As I mentioned before, I use (sub)domains without DMARC policies for mailing lists, and for some of them even forgo DKIM signatures. DKIM and MLs just don't play well together, so I try to mitigate the issues. -Ralph
