[Mailman-Developers] feature request: one-click setting to preserve DKIM
Stephen J. Turnbull
stephen at xemacs.org
Wed Dec 7 05:45:23 CET 2011
Barry Warsaw writes:
> My own personal feeling is that having lists re-sign messages is the best
> expectation to put forward. You're subscribed to a mailing list, so you trust
> that list much more than you trust the senders on that list.
But as Monica points out, sometimes you need to evaluate whether you
trust the sender, because otherwise you need to trust *all* of the
list's competence to evaluate senders, congruence of the list's trust
policy with your own, *and* the honesty of the list's host
adminstrators.
> So having the mailing list site re-sign the outgoing messages seems
> to me to be best practice. My inclination is that removing the
> original author's signature first is not entirely inappropriate.
But that doesn't work in the case in point, unless you also change the
from field to reflect the list's domain.
What do these DKIM-strict domains do with digests? Do they actually
check the content (ie, individual messages) for source domain and
verify their DKIM signatures?
If not, just have those people who aren't getting messages turn on
digest mode with maximum frequency. :-)
Of course, all the phishers out there are reading this message, and
will shortly be using this technique to phish gmail users, so you'll
have to extend DKIM checks to the content of digests and forwards....
What really ought to be done is to format secured messages as
multipart, and sign the overall header "From" and individual parts
(perhaps identified by some kind of content ID). Then have the *MUA*
(not the MTA!) check for alleged sender, and for highly-phishable
alleged senders display *only* authenticated portions (plus maybe
buttons to see unauthenticated content at user option).
Dream on, Steve ...
More information about the Mailman-Developers
mailing list