Thank you for the education The IETF list processor seems to be an
illustration of your point.
It invalidates the orginal sender's signature Then it adds an ietf.org
signature Then the message is relayed internally within a single IETF
server, where the IETF signature is invalidated. The the message is
signed
a second time with an valid IETF signature
I rather hoped that IETF would be the poster-boy for list processing done
correctly. Why is the message manipulation that you describe necessary or
acceptable?
That's completely backwards. Mailing lists have been around for 30 years
and were doing what they do long before anyone thought of mail
authentication like SPF, DKIM, or DMARC. SPF and DKIM on their own work
fine with lists -- a list puts its own envelope address and its own DKIM
signature on outgoing mail which a receipient can use.
DMARC egregiously fails to handle them and was never intended for mail
that goes through lists, but that's a story that's been told plenty of
times already.
Regards,
John Levine, jo...@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
