On 20/04/2019 14:59, Richard Damon wrote:
> On 4/20/19 8:08 AM, Reto wrote:
>> On Sat, Apr 20, 2019 at 07:31:06AM -0400, Richard Damon wrote:
>>> Where the issue comes is with DMARC, which restricts the DKIM protocol
>>> to be aligned with the From line of the message, and thus the MLM can't
>>> make the message pass the DMARC settings of the sending domain. It is
>>> DMARC which breaks the traditional operation of a MLM, and the use of
>>> which implies that the sender should not be using such tools.
>> Now that's a bit dramatic isn't it?
>> A mailing list *can* work with dmarc just fine if it doesn't modify the 
>> protected headers.
>> That doesn't seem to be particularly complicated assuming Headers like
>> List-Unsubscribe et al can still be added.
>>
>> Just don't modify the subject and the body and you should be fine.
>>
> To meet the Mail RFCs the Mailing list should modify the Sender: field,
> so if that was signed (as was pointed out is recommended by DKIM) the
> signatures will be broken, and since DMARC requires alignment to From:
> (which the RFCs says should be the Author of the message, so should be
> the original sender), a MLM manager can be forced to break some RFC to
> be able to deliver the message.
>
This is not 100% clear, and maybe it was just forgotten to be deleted.
RFC6376 does not explicitly recommend signing Sender anymore in the
"Recommended Signature Content" which is pointed out in 5.4.1.
While it is true that there is still the sentence in 5.4 "For this
reason, signing fields present in the message such as Date, Subject,
Reply-To, Sender, and all MIME header fields are highly advised." this
is just out of an "Informative Operations Note" and maybe a relic
of the old (and deprecated RFC4871).

Because if you look further in 5.4.1 "Recommended Signature Content" the
Sender field is not there anymore, the list reads
"From, Reply-To, Subject, Date, To, Cc, Resent-Date, Resent-From,
Resent-To, Resent-Cc, In-Reply-To, References, List-Id, List-Help,
List-Unsubscribe, List-Subscribe, List-Post, List-Owner, List-Archive"
and leaves "Message-ID, In-Reply-To and References" more open.

This was clearly revised from RFC4871 5.5 "Recommended Signature
Content" which reads a bit differently and definitely included more fields
"From, Sender, Reply-To, Subject, Date, Message-ID, To, Cc,
MIME-Version, Content-Type, Content-Transfer-Encoding, Content-ID,
Content-Description, Resent-Date, Resent-From, Resent-Sender, Resent-To,
Resent-Cc, Resent-Message-ID, In-Reply-To, References, List-Id, List-Help,
List-Unsubscribe, List-Subscribe, List-Post, List-Owner, List-Archive"

Sender, MIME and Content-fields were clearly reworked and taken out
there whereas the common part of 5.4 was just copied maybe.

https://tools.ietf.org/html/rfc6376#section-5.4.1
https://tools.ietf.org/html/rfc4871#section-5.5

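Whether a list manager's header change breaks a given signature depends on what that signature's h= tag actually lists. The following is an added example, not code from this thread or from any mail software: it parses h= and evaluates a header change against it. The sample signature, the header counts and the function names are constructed, and it assumes that newly added fields are prepended above the existing ones.

```python
from collections import Counter

# Constructed sample: h= in the style of the RFC 6376 section 5.4.1 list
# (no Sender), with From listed twice and two List-* names listed even
# though the original message does not carry them.
SAMPLE_SIG = (
    "v=1; a=rsa-sha256; d=example.org; s=sel1; c=relaxed/relaxed;\r\n"
    "\th=From:From:Reply-To:Subject:Date:To:Cc:In-Reply-To:References:\r\n"
    "\t List-Id:List-Unsubscribe; bh=PLACEHOLDER; b=PLACEHOLDER"
)
# Constructed: header names present in the message when it was signed.
SAMPLE_PRESENT = Counter({"from": 1, "subject": 1, "date": 1, "to": 1})


def signed_fields(sig_value):
    """Return a Counter of lowercased header names listed in the h= tag."""
    for tag in sig_value.split(";"):
        name, sep, value = tag.partition("=")
        if sep and name.strip() == "h":
            # Names are colon-separated and may be folded across lines.
            names = ["".join(n.split()).lower() for n in value.split(":")]
            return Counter(n for n in names if n)
    return Counter()


def breaks_signature(signed, present, action, field):
    """True if a list manager's change to one header field invalidates
    the header hash. Body changes (bh=) are out of scope here.

    action is "modify" (rewrite or remove an existing field) or "add".
    """
    field = field.lower()
    if action == "modify":
        # Assumes the changed instance is one the signer covered, which
        # holds for single-instance fields such as Subject or Sender.
        return present[field] > 0 and signed[field] > 0
    if action == "add":
        # A name listed more often than it occurs is signed as absent
        # (RFC 6376 section 5.4), so a new instance alters the hash input.
        return signed[field] > present[field]
    raise ValueError("unknown action: " + action)
```

With this sample, adding Sender leaves the header hash intact because Sender is not in h=, while rewriting Subject or adding List-Unsubscribe does not.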