On 28 Apr 2019, at 13:05, Grant Taylor via mailop wrote:

> On 4/27/19 11:43 PM, Bill Cole wrote:
>> I can't say "should" because that's a site-specific/sender-specific
>> choice.
>
> As is the choice to (over)sign headers, even non-existent headers;
> List-*, Sender, etc.

Qualitatively different choices.

Signing non-existent Sender, List-*, and Resent-* headers has no
positive effects outside of absurdly contrived cases and causes tangible
problems. Fixing that is zero-maintenance with no negative side-effects.

Special-casing recipients to work around known problems has a clear
positive effect, but it only makes sense to do that if changing the
default behavior is unworkable and the number of known and likely future
special cases needed is manageable with the available support staff.

Because
One is a choice to do the generically right thing, the other is a choice
of how finely you want to customize services.

>> It's a thing that could be done with some effort, the right tools,
>> and properly trained users.
>
> It's also a game of whack-a-mole. The sending server would need to
> constantly be re-configured to avoid doing something based on the
> receiving server's lack of DKIM processing.

Not necessarily. If one chooses to accommodate particular classes of
destination in particular ways, one can choose how much particularity
one is willing to support. Maybe it's enough to kiboze the user maildirs
for List-ID headers once to figure out what lists your users participate
in and just not sign mail to those. Maybe it's something more
comprehensive or bespoke. This is why I am loath to make a blanket
recommendation.

>> It is also entirely feasible without substantially weakening DKIM
>> to just universally not oversign headers that mailing list managers
>> typically and properly.
>
> In your own words, "…that's a site-specific/sender-specific choice."
>
>> It is not "culpable" for a mailing list manager to add List-* and
>> Sender headers OR to be blind to DKIM signatures.
>
> In this day and age, I disagree. Ten years ago, I would have held my
> opinion. For better or worse, DKIM is a thing today.
>
> Based on your opinion for DKIM, I'm assuming that you also think that
> a mailing list manager is not culpable for sending messages out using
> the original SMTP envelope from, likely in violation of SPF.

Your assumption is incorrect. MLMs don't use the original SMTP envelope
sender for a very basic reason entirely unrelated to SPF.

A MLM must always use its own envelope sender because that's the return
path for delivery errors, which in a list context should always be the
MLM not the original author. The original author has no control over
delivery to individual list members or even knowledge of who they are in
most cases, so it would serve no purpose to send them NDNs.

--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Available For Hire: https://linkedin.com/in/billcole
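
The oversigning issue discussed in the message above, as an added example that is not part of the original post and is not taken from any DKIM implementation: under RFC 6376, a name listed in `h=` more times than the header occurs in the message signs that header's absence, so a list manager adding it later invalidates the signature. The function names, the sample message, and the `PLACEHOLDER` tag values are constructed for illustration.

```python
import re
from collections import Counter
from email import message_from_string

# Header names the thread identifies as added by mailing list managers.
MLM_ADDED = re.compile(r"^(sender|list-.+|resent-.+)$", re.I)

def signed_header_names(dkim_value):
    """Return the lower-cased names listed in the h= tag of a DKIM-Signature value."""
    tags = {}
    for part in dkim_value.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = re.sub(r"\s+", "", value)  # unfold, drop whitespace
    return [name.lower() for name in tags.get("h", "").split(":") if name]

def oversigned_mlm_headers(raw_message):
    """List MLM-added header names that h= covers more often than they occur.

    Each such entry signs the header's non-existence, so the signature fails
    once a list manager adds that header on redistribution.
    """
    msg = message_from_string(raw_message)
    sig = msg.get("DKIM-Signature")
    if sig is None:
        return []
    present = Counter(name.lower() for name in msg.keys())
    listed = Counter(signed_header_names(sig))
    return sorted(name for name, count in listed.items()
                  if count > present[name] and MLM_ADDED.match(name))

# Constructed sample: an outgoing message as signed by an oversigning sender.
SAMPLE = """\
DKIM-Signature: v=1; a=rsa-sha256; d=example.org; s=sel; c=relaxed/relaxed;
 h=from:from:to:subject:date:sender:list-id:list-unsubscribe:resent-from;
 bh=PLACEHOLDER; b=PLACEHOLDER
From: author@example.org
To: list@lists.example.net
Subject: test
Date: Sun, 28 Apr 2019 13:05:00 +0000

body
"""

if __name__ == "__main__":
    # "from" is also oversigned here but is not a header an MLM adds, so it is not listed.
    print(oversigned_mlm_headers(SAMPLE))
```

Run against a copy of your own signed outbound mail, a non-empty result names the `h=` entries that a signer could stop listing without touching the headers that actually exist in the message.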