
"Joel W. Shea via luv-talk" <luv-talk@luv.asn.au> writes:
1) DKIM signing messages sent by the mailing list
Unless there's a DMARC policy for a domain, there's no requirement for any parameter in the DKIM-Signature header field to match any other header field. In particular, the DKIM "d=" domain, and the domain in the "From:" field, aren't required to match in the absence of DMARC (and ADSP, or DK) policy.
Since this list's domain doesn't currently (or presumably, intend to) publish a DMARC policy record, I don't see DKIM signing of list mail as a valid reason to munge the "From:" field.
IIRC I think somebody said that Mailman breaks the DKIM on the original message.

Which provokes the question - why not fix Mailman so it doesn't break the DKIM on the original message?

IIRC this is because of the design of Mailman; it interprets the headers and writes them out again, so it can't write them back exactly the same as they were before. I don't have the references handy, I apologise in advance if I got the above wrong.

Which seems to be saying we need to mangle the From: header due to poor design decisions in Mailman.

Also see the "Annotations by mailing lists" section in https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail - It seems to suggest other options are available, e.g. using SPF to whitelist DKIM, or to use the Sender: header instead of the From: header.

-- 
Brian May <brian@linuxpenguins.xyz>
https://linuxpenguins.xyz/brian/
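An added illustration, not part of the original message and not Mailman's or any DKIM library's code: whether re-serialized headers invalidate the sender's signature depends on the header canonicalization the signer chose, while a munged From: breaks it under either. The sketch implements the "simple" and "relaxed" header canonicalizations of RFC 6376 and compares digests over constructed sample headers; the addresses and the `survives` helper are assumptions made for the example.

```python
import hashlib
import re

def canon_simple(field: str) -> str:
    """RFC 6376 section 3.4.1: 'simple' signs the header field byte for byte."""
    return field

def canon_relaxed(field: str) -> str:
    """RFC 6376 section 3.4.2: lowercase the name, unfold, collapse whitespace."""
    name, _, value = field.partition(":")
    value = re.sub(r"\r\n(?=[ \t])", "", value)       # unfold continuation lines
    value = re.sub(r"[ \t]+", " ", value).strip(" \t\r\n")
    return f"{name.strip().lower()}:{value}\r\n"

def header_digest(fields, canon) -> str:
    """Stand-in for the signed data: SHA-256 over the canonicalized fields.
    (Real DKIM also covers the DKIM-Signature field and signs the hash.)"""
    return hashlib.sha256("".join(map(canon, fields)).encode()).hexdigest()

def survives(original, relayed, canon) -> bool:
    """True if the relayed headers still match what the sender signed."""
    return header_digest(original, canon) == header_digest(relayed, canon)

# Constructed sample headers (addresses are placeholders).
ORIGINAL = [
    "From: Alice Example <alice@example.org>\r\n",
    "To: list@lists.example.net\r\n",
    "Subject: DKIM and lists\r\n",
]
# Same content after a parse-and-rewrite: refolded, respaced, name case changed.
REWRITTEN = [
    "From: Alice Example\r\n <alice@example.org>\r\n",
    "TO: list@lists.example.net\r\n",
    "Subject:  DKIM and lists\r\n",
]
# From: munged by the list, as discussed in this thread.
MUNGED = ["From: Alice Example via list <list@lists.example.net>\r\n"] + ORIGINAL[1:]

if __name__ == "__main__":
    for label, relayed in (("rewritten", REWRITTEN), ("munged From", MUNGED)):
        for canon in (canon_simple, canon_relaxed):
            print(f"{label:12} {canon.__name__:14} survives={survives(ORIGINAL, relayed, canon)}")
```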