
On Sat, 16 Jan 2016 08:36:30 AM Craig Sanders via luv-main wrote:
> > It cares about what the user sees. The purpose of DKIM is not to ensure that only Paypal can have an envelope sender saying paypal.com, its purpose is to ensure that only Paypal can have a From: field with paypal.com.
>
> and that's the problem. after the message has been sent by the originating MUA or MTA (where To, From, CC, Bcc are used to construct the envelope sender & recipient), headers are merely comments. To treat them as anything different is just plain wrong.

Why are we having an argument about comments then? If they are just comments then it shouldn't be a big deal.

> and restricting @paypal.com From: headers to just paypal-owned sender host is pointless anyway - phishers register every possible variant and look-alike of paypal.com and spam with that. often they don't even bother using a domain that looks or sounds even remotely like paypal.com - and it makes no difference. their typical victims are too stupid to notice or care - and it's not just a matter of ignorance, it's stupidity.

Stupidity is a problem. But what we want to do here is to make it possible for people who aren't particularly stupid to work this out without much effort.

> and if the developers of SMTP had thought of spam etc, and designed SMTP to have built-in authentication, it would have seriously damaged the open nature of the internet as we know it today. the fact that the net was built open and not locked down was a major contributor to its success.

They could have designed encryption and signing features from the start and methods for recognising new senders.

Apart from the ones who receive mail via Gmail, the ones who complained about my mail going to their spam folders which started me working on this.

> if mailman is breaking DKIM-signed message then that needs to be fixed. mangling headers is a crappy workaround hack, not a fix.

Fine, tell us how to fix it without mangling headers.

> > But list traffic is significantly greater than usual at the moment.
>
> a lot of that is this thread complaining about DMARC.

I know that!

> Message forgery is a solved problem. SPF works. DKIM is a) overkill and b) unnecessary.

SPF doesn't stop forged headers unless you use DMARC.

> headers are irrelevant. you can't and shouldn't trust From: headers any more than you can trust any Received: header before the ones your own server adds.

Unless they are DKIM signed.

> > The mail servers that people use to send mail to this list are also used by people who want to send mail to Facebook. Even if every single LUV member avoided ever using Facebook then we would still be affected by what they want.
>
> as i said, solve the right (actual!) problem. if mailman's handling of DKIM-signed messages is broken then THAT is the problem that needs to be fixed.

OK. Let's fix that. I don't have the time or skill to fix Mailman code, could you please do it for me?

-- 
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/
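The thread turns on three points that are easier to see in code than in prose: the envelope sender and the From: header are separate things, a DKIM signature covers the From: header and the body (so a list that tags the Subject or appends a footer breaks it), and DMARC only passes when SPF or DKIM *aligns* with the From: domain, which is why SPF alone says nothing about a forged From:. The following is an added example written for this page, not code from the list, Mailman, or any of the participants. It models DKIM's relaxed header canonicalisation and body hash faithfully but substitutes HMAC-SHA256 for the RSA signature so it runs with only the standard library (a real verifier fetches the public key from DNS; here both sides share a symmetric key, which is the assumption). The domains example.com and example.net, the keys, and the message are constructed.

```python
import base64
import hashlib
import hmac
import re

# Constructed sample message, as it leaves the author's own server.
ORIGINAL_HEADERS = {
    "From": "Russell <russell@example.com>",
    "To": "luv-main@example.net",
    "Subject": "DMARC and mailman",
    "Date": "Sat, 16 Jan 2016 10:00:00 +1100",
}
ORIGINAL_BODY = "The envelope and the headers are different things.\n"
SIGNED_HEADERS = ["From", "To", "Subject", "Date"]
AUTHOR_KEY = b"example.com-selector-key"  # stand-in for the author domain's RSA key
LIST_KEY = b"example.net-selector-key"    # stand-in for the list domain's RSA key


def relaxed_header(name, value):
    """RFC 6376 'relaxed' canonicalisation: lower-case the field name,
    unfold, collapse runs of whitespace, strip trailing whitespace."""
    value = re.sub(r"\s+", " ", value.replace("\r\n", " ")).strip()
    return f"{name.lower()}:{value}"


def body_hash(body):
    """SHA-256 of the body with trailing empty lines removed (simple canon)."""
    lines = body.replace("\r\n", "\n").split("\n")
    while lines and lines[-1] == "":
        lines.pop()
    canon = "\r\n".join(lines) + "\r\n"
    return base64.b64encode(hashlib.sha256(canon.encode()).digest()).decode()


def dkim_sign(headers, body, domain, key, signed=SIGNED_HEADERS):
    """Build a DKIM-like signature record: d= domain, h= covered headers,
    bh= body hash, b= tag over the canonicalised headers plus bh."""
    bh = body_hash(body)
    canon = "\r\n".join(relaxed_header(n, headers[n]) for n in signed)
    tag = hmac.new(key, f"{canon}\r\nbh={bh}".encode(), hashlib.sha256).hexdigest()
    return {"d": domain, "h": list(signed), "bh": bh, "b": tag}


def dkim_verify(headers, body, sig, key):
    """Return (ok, reason). Any change to a covered header or to the body
    fails; headers outside h= and the SMTP envelope are not looked at."""
    if body_hash(body) != sig["bh"]:
        return False, "body hash mismatch"
    canon = "\r\n".join(relaxed_header(n, headers.get(n, "")) for n in sig["h"])
    expected = hmac.new(key, f"{canon}\r\nbh={sig['bh']}".encode(),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig["b"]):
        return False, "signed header changed"
    return True, "ok"


def domain_of(address):
    m = re.search(r"@([A-Za-z0-9.-]+)", address)
    return m.group(1).lower() if m else ""


def dmarc_result(headers, envelope_from, spf_pass, dkim_ok, dkim_domain):
    """DMARC passes only when a passing authenticator aligns with the From:
    domain: SPF via the envelope sender, or DKIM via its d= domain.
    Strict (exact) alignment is used here for simplicity."""
    from_domain = domain_of(headers["From"])
    spf_aligned = spf_pass and domain_of(envelope_from) == from_domain
    dkim_aligned = dkim_ok and dkim_domain == from_domain
    return "pass" if (spf_aligned or dkim_aligned) else "fail"


def scenario(rewrite_from):
    """Relay the signed message through a list that tags the Subject and
    appends a footer. With rewrite_from=True the list also rewrites From:
    to its own domain and re-signs, the workaround the thread argues about."""
    sig = dkim_sign(ORIGINAL_HEADERS, ORIGINAL_BODY, "example.com", AUTHOR_KEY)
    headers = dict(ORIGINAL_HEADERS)
    headers["Subject"] = "[luv-main] " + headers["Subject"]
    body = ORIGINAL_BODY + "-- \nluv-main mailing list\n"
    envelope_from = "luv-main-bounces@example.net"  # list is now the envelope sender
    ok, _ = dkim_verify(headers, body, sig, AUTHOR_KEY)  # author's signature
    dkim_domain = sig["d"]
    if rewrite_from:
        headers["From"] = "Russell via luv-main <luv-main@example.net>"
        sig = dkim_sign(headers, body, "example.net", LIST_KEY)
        ok, _ = dkim_verify(headers, body, sig, LIST_KEY)  # list's signature
        dkim_domain = sig["d"]
    # SPF is assumed to pass for the list host; alignment decides the outcome.
    return dmarc_result(headers, envelope_from, True, ok, dkim_domain)


if __name__ == "__main__":
    print("list keeps From:, tags Subject, adds footer ->", scenario(False))
    print("list rewrites From: and re-signs          ->", scenario(True))
```

Running it shows the untouched message verifying, a Subject tag or footer alone breaking the author's signature, and the relayed message failing DMARC even though SPF passes for the list host, because the passing SPF identity (example.net) does not align with the From: domain (example.com). Rewriting From: makes it pass only by making the list the author of record, which is exactly the trade-off both sides of the thread are describing.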