On 12.02.2017 08:39, Kiss Gabor (Bitman) wrote: > Maybe DKIM verification should ignore list tags in the subject > if the first attempt was unsuccesful. > I.e. I could imagine a smarter canonicalization.
There can be no "interpretation" of what the signing party distributes. I deliberately use DKIM to sign subject headers to prevent manipulation, and that header is later modified (e.g. by adding a dreaded [list] tag), the signature verification *must* fail. The Postfix mailing list has always been well configured in that it neither modified subject lines, nor messed with the body by adding a footer. It should definitely be kept that way. -Ralph
