I'm tempted to say: if the mailing list is going to do *anything* to the
message other than act as a simple reflector, it *must* strip out any
existing dkim signature. What it does after that is up to the mailing list.
Tony Hansen
[EMAIL PROTECTED]
John Levine wrote:
>> So I'm asking for a pointer to the "how mailing lists break
>> signatures" report, if it exists so I can learn a bit more.
>
> This was argued at some length about a year ago, but I can't
> dig up offhand exactly where. Here's some of the more popular
> mutations:
>
> - Add fixed list name tag and varying message serial number to Subject:
>
> - Add, delete, or replace Reply-To: header
>
> - Reformat From: line into a standard form, e.g., <[EMAIL PROTECTED]> foo
> -> [EMAIL PROTECTED] (foo)
>
> - Add a bunch of extra headers like List-ID: and Precedence:
> (shouldn't affect signature unless one replaces an existing header)
>
> - Add a footer to the end of the body
>
> - Add a "fronter" to the beginning of the body
>
> - Add, delete, or reorder MIME parts
>
> - Unpack and re-pack MIME parts with different delimiters
>
> - Add a footer to one or more MIME parts
>
> - Edit a footer into an HTML part (Yahoo groups does this)
>
> - Convert HTML to text or vice versa
>
> - Recode between 7bit and 8bit, or quoted printable to/from base64
>
> I quickly came to the conclusion that other than the shrinking
> minority of lists that do nothing at all to headers or body, it's
> completely hopeless to try to make a signature that will survive list
> processing.
>
> And I still have a lot of trouble thinking of plausible scenarios
> where mail from a domain with SSP restrictions would legitimately be
> sent through a list.
_______________________________________________
ietf-dkim mailing list
http://dkim.org
