Author: Adam Weiss 2015-06-19 19:47:56
Published on: 2015-06-19T19:47:56+00:00
In an email conversation between Warren Togami Jr and Adam, they discussed the issue of DKIM (DomainKeys Identified Mail) signature checking for all mails originating from a domain. If dmarc_moderation_action is set to "Munge from", the list will detect when someone posts from a domain that publishes a request for strict signature checking for all mails originating from it (in DNS) and rewrite the envelope-from to the list's address. The reply-to will be added and set to the original sender. Adam thinks that this is probably a better way to workaround the issue (rather than playing with getting the list to not break the signature) until these things mature further.Warren replied that he is not pleased with the need to remove the subject tag and footer to be more compatible with DKIM users. He asked if mailing list software resigns for the messages themselves. Mike Hearn explained that lists can do what are effectively MITM attacks on people's messages in any way they like, if they resign for the messages themselves. However, mailman isn't resigning it. DKIM is used by most mail on the internet. DMARC rules that publish in DNS statements like "All mail from bitpay.com is signed correctly so trash any that isn't" are used on some of the worlds most heavily phished domains like google.com, PayPal, eBay, and indeed BitPay. These rules are understood and enforced by all major webmail providers including Gmail. It's actually only rusty geek infrastructure that has problems with this, and the vast majority of email users who never post to technical mailing lists benefit from it significantly. Warren understands the reason to protect the "heavily phished" domains. However, he heard that LKML does not modify the subject or add a footer, perhaps because it would make it incompatible with DKIM of the several big corporate domains who participate. He supposed that it is somewhat acceptable for them to remove subject tags and footers if they have no choice.
Updated on: 2023-06-09T23:40:03.206398+00:00