On 4/27/19 11:43 PM, Bill Cole wrote:
I can't say "should" because that's a site-specific/sender-specific choice.
As is the choice to (over)sign headers, even non-existent headers; List-*, Sender, etc.
It's a thing that could be done with some effort, the right tools, and properly trained users.
It's also a game of whack-a-mole. The sending server would need to constantly be re-configured to avoid doing something based on the receiving server's lack of DKIM processing.
It is also entirely feasible without substantially weakening DKIM to just universally not oversign headers that mailing list managers typically and properly.
In your own words, "…that's a site-specific/sender-specific choice."
It is not "culpable" for a mailing list manager to add List-* and Sender headers OR to be blind to DKIM signatures.
In this day and age, I disagree. Ten years ago, I would have held my opinion. For better or worse, DKIM is a thing today.
Based on your opinion for DKIM, I'm assuming that you also think that a mailing list manager is not culpable for sending messages out using the original SMTP envelope from, likely in violation of SPF.
Nor is the mailing list manager's MTA culpable for not having reverse DNS configured.
Times change. Servers need to step up to the plate and do new things. Mailing list managers especially so.
On the other hand, a signer that is not part of a mailing lists manager signing non-existent standard headers used by mailing list managers is actively hostile to mailing list managers.
I disagree. Mailing list managers should not assume anything about the state of messages that come in. Especially if there is a trivial action that they can take to make sure that the message they send out does not break something.
In this case, said trivial action is removing / renaming the incoming DKIM-Signature header. This is especially important if the mailing list modifies the message in any way; modifies From:, prepend the Subject:, append a footer.
Again, in your own words, it's "…a site-specific/sender-specific choice…" how the sending site sends the email.
So, I feel like blaming 1 / 10 / 100 / 1,000 / etc. senders / sender's MTAs for how they send an email is a poor place to lay blame. Especially if the single mailing list manager can make a simple change.
It's a numbers game. Do you want to exert effort to alter an all the senders to be compatible with some mailing list managers? Or would you rather alter a much smaller number of mailing lists to be compatible? Where do you have the better return on your investment of energy. The math is in favor of modifying the mailing list manager.
-- Grant. . . . unix || die
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
