On 2026-04-20 at 22:04:42 UTC-0400 (Tue, 21 Apr 2026 10:04:42 +0800)
2380189206 <[email protected]>
is rumored to have said:

Munging 'From' by mailing list does often include putting the original
From into a *Reply-To* header, which causes replies to go to the
author instead of the mailing list.

For instance, an original header:
```
From: 123 <[email protected]>
```
Can be rewritten by the list server to:
```
From: 123 <[email protected]>
Reply-To: [email protected]
```
This approach does not disrupt the user's ability to reply to the mailing list. Simultaneously, it allows the server to attach a correct DKIM signature, ensuring the email passes authentication checks.

Doing it that way puts the list system in a position where it has to be able to handle what are intended to be private messages between list subscribers. There really is not any *good* solution for this and people running mailing lists have been displeased with the DKIM/DMARC model since it was first promulgated.

This problem is 100% a Microsoft problem. What they are doing conflicts with the DMARC specification. I don't see any reason for the ASF to take on more work and open up privacy issues just to allow users of a free mismanaged service to subscribe.

If you want to subscribe to ASF lists, you have to use a mail system that is operated in a standard interoperable way. THAT IS NOT OUTLOOK.COM or HOTMAIL.COM.

I'm done discussing this, as I've said all I have to say on the topic, it is arguably off-topic for this list, and your suggestions for what should be done are increasingly ridiculous. It's not a matter that can be decided here anyway, you would need to convince the Infrastructure staff to make such changes.


Email often gets modified in technically important but harmless ways in
transit. For example, there is a very common Sendmail config which
re-encodes any mail arriving with non-ASCII to 7-bit-clean
Quoted-Printable. Some MTAs will re-wrap and re-encode messages with
over-long lines.

Sendmail can be configured to work with OpenDKIM, which re-signs the email after these modifications.

Yes, but for the signature to be useful it must align to the From header, so if you sign mail being relayed you also should be changing the From header.

Within a trusted internal network (Intranet), DKIM may not be strictly necessary. However, once the email enters an untrusted external network (Internet), implementing DKIM is essential to mitigate the risk of email spoofing.

That's simply false. You are placing more trust in DKIM than it can possibly support as designed. It is fragile and breaks when mail systems do entirely normal and common things to a message. It provides *SOME* protection from *SOME* types of spoofing but it cannot be usefully demanded of those who do not have a real need for such protection.

--
Bill Cole
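
The From-munging trade-off discussed in this message, as an added illustration that is not part of the original e-mail or of any ASF configuration. The addresses, the list's `d=` domain and the helper names are constructed for the example, and relaxed alignment is simplified to a parent/child domain match.

```python
import copy
from email import message_from_string
from email.utils import formataddr, parseaddr

# Constructed sample message and domains (not taken from the thread).
RAW = ("From: 123 <author@outlook.example>\nTo: users@lists.example.org\n"
       "Subject: test\n\nbody\n")
LIST_ADDR = "users@lists.example.org"
LIST_DKIM_DOMAIN = "lists.example.org"  # d= tag of the list's own signature

def from_domain(msg):
    """Domain of the address in the From header, lowercased."""
    return parseaddr(msg["From"])[1].rpartition("@")[2].lower()

def dkim_aligned(msg, d_domain, strict=False):
    """DMARC-style alignment of a valid signature's d= with the From domain.

    Relaxed mode is simplified to a parent/child match; real DMARC compares
    organizational domains derived from the Public Suffix List.
    """
    f, d = from_domain(msg), d_domain.lower()
    if strict:
        return f == d
    return f == d or f.endswith("." + d) or d.endswith("." + f)

def munge_from(msg, list_addr):
    """Rewrite From to the list address and move the author to Reply-To."""
    name, author = parseaddr(msg["From"])
    out = copy.deepcopy(msg)  # leave the original message untouched
    del out["From"], out["Reply-To"]
    out["From"] = formataddr((name, list_addr))
    out["Reply-To"] = author
    return out

def reply_target(msg):
    """Address a plain 'Reply' goes to: Reply-To if present, else From."""
    return parseaddr(msg["Reply-To"] or msg["From"])[1]

if __name__ == "__main__":
    original = message_from_string(RAW)
    munged = munge_from(original, LIST_ADDR)
    # A re-signed relay without munging is unaligned; with munging it aligns,
    # and a plain reply goes to the author rather than to the list.
    for label, m in (("relayed as-is", original), ("From munged", munged)):
        print(label, dkim_aligned(m, LIST_DKIM_DOMAIN), reply_target(m))
```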
