On 13.04.23 10:50, Tim Düsterhus wrote:
Hi

On 4/13/23 10:46, Andreas Heigl wrote:
DMARC is less of a concern, because the list apparently already performs
DMARC mangling for a policy that is not 'none'

Apart from (possibly) modifying the body and the subject line which then
breaks the DKIM signature which then breaks DMARC ;-)


I understand how DKIM and DMARC works. For users with a DMARC policy of quarantine or reject the list manager already performs DMARC mangling:

The 'From' header is changed from the original 'From' header and instead the list address is put there. Now the DMARC policy of the original sender no longer applies and instead the DMARC policy of the list is used (which does not exist).

You can see happening with the email from "Mikhail Galanin via internals" that was sent roughly 10 minute ago.

Then we should probably change that so that emails from a domain with DMARC set to 'none' are also not changed.

As that just means that DMARC is enabled, the receiving mailserver should just not quarantine or reject the message but instead inform the sender about the problem.

With the current settings the sender receives issues and the clients also report that the DKIM signature is invalid.

Cheers

Andreas
--
                                                              ,,,
                                                             (o o)
+---------------------------------------------------------ooO-(_)-Ooo-+
| Andreas Heigl                                                       |
| mailto:andr...@heigl.org                  N 50°22'59.5" E 08°23'58" |
| https://andreas.heigl.org                                           |
+---------------------------------------------------------------------+
| https://hei.gl/appointmentwithandreas                               |
+---------------------------------------------------------------------+
| GPG-Key: https://hei.gl/keyandreasheiglorg                          |
+---------------------------------------------------------------------+

Attachment: OpenPGP_signature
Description: OpenPGP digital signature

Reply via email to