[Mailman-Developers] dkim-signature headers
Michael Thomas
mat at cisco.com
Fri Feb 2 18:05:10 CET 2007
Barry Warsaw wrote:
> I'm not sure how much I like that anyway, so comments are definitely
> welcome. After mulling over this post for an hour ;) I'm starting to
> believe that it's the mailing list system that needs to vouch for the
> messages its recipients receive. Of course, it could be Mailman doing
> the DKIM signing, or it could be Mailman's outgoing MTA, etc. But,
> ISTM Mailman is ultimately deciding what goes into the list copy, so
> it is responsible for it.
The big problem with the way that mailing lists interact is that in some
scenarios they're not terribly different from a .forward file, and in other
cases they for all intents and purposes completely originating a completely
new message, cf translators, digestors, etc, etc. The _problems_ arise when
the mailing list keeps the 822.From address intact from the original
submitter.
For things like digests it pretty much does the right thing: it sets the
2822.From
to be something related to the list. For normal list traffic it keeps
the original
2822.From.
What it seems to me is that maybe we should look close at that behavior of
when a list ought to take From: responsibility for a message ala
digests. When
a list completely mangles a message, is it really reasonable for it to
keep acting
as if it came from the original From: address? There's probably not a
bright line
here, but maybe we should force the issue with DKIM in that something that
mangles a message in a way that it's impossible to have the original
signature
survive to... set the From: address to something list related so that
it's the lists
reputation that's considered rather than getting caught up in no-man's
land of
"it looks like a forgery because we/they sign all mail, but..."
Mike
More information about the Mailman-Developers
mailing list