In article <afff5e08-dafe-d9e9-a522-454e5f4d5...@spamtrap.tnetconsulting.net>,
Grant Taylor via mailop <gtay...@tnetconsulting.net> wrote:
>On 4/27/19 1:09 PM, Bill Cole wrote:
>> Yes, because the signature included the Sender and List-* headers, 
>> probably non-existent originally, which mailing lists typically 
>> (including this one) add to messages they relay.
>
>Thus the Sender and List-* headers were oversigned.

Oversigning those headers is silly.

Let's say you send out a DKIM signed message without Sender and
List-Foo, and then an extremely malicious mailing list grabs your
message and adds those headers and forwards your message without
breaking the DKIM signature, which means the list didn't change the
subject or the message body.

What's the worst that could happen?  Someone is led to believe that
you subscribe to a list that you don't?  Oh, nooooooooo.

As Bill C. explained, Exim is just wrong here.

Regards,
John Levine, jo...@iecc.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly

_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
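
The effect discussed in this thread, as an added example that is not part of the original messages: a simplified Python model of how the h= list picks the headers that feed the DKIM header hash (RFC 6376 section 5.4.2), showing that naming absent Sender and List-Id headers makes the hash change once a list adds them. The sample headers and function names are constructed for illustration; the DKIM-Signature header itself, the body hash and the RSA step are left out because they are the same on both sides of the comparison.

```python
import hashlib

def relaxed(name, value):
    # RFC 6376 3.4.2 relaxed header canonicalization: lowercase the name,
    # collapse whitespace runs, strip whitespace around the value.
    return name.lower().strip() + ":" + " ".join(value.split()) + "\r\n"

def signed_header_input(headers, h_tag):
    """Return the header bytes covered by the signature for a given h= list.

    headers: list of (name, value) in message order, top to bottom.
    Each name in h= consumes the next unused instance counting from the
    bottom; a name with no instance left contributes the null string.
    """
    remaining = list(headers)
    out = []
    for wanted in h_tag.split(":"):
        wanted = wanted.strip().lower()
        for i in range(len(remaining) - 1, -1, -1):
            if remaining[i][0].lower() == wanted:
                name, value = remaining.pop(i)
                out.append(relaxed(name, value))
                break
    return "".join(out).encode()

def header_digest(headers, h_tag):
    return hashlib.sha256(signed_header_input(headers, h_tag)).hexdigest()

# Constructed sample headers (not taken from the thread).
ORIGINAL = [
    ("From", "Alice <alice@example.com>"),
    ("To", "list@example.org"),
    ("Subject", "DKIM question"),
]
# What a list typically prepends on relay; Subject and body are untouched.
RELAYED = [
    ("Sender", "list-bounces@example.org"),
    ("List-Id", "<list.example.org>"),
] + ORIGINAL

def survives_relay(h_tag):
    # True when the signer's and the verifier's header hash inputs agree.
    return header_digest(ORIGINAL, h_tag) == header_digest(RELAYED, h_tag)

if __name__ == "__main__":
    for h in ("from:to:subject", "from:to:subject:sender:list-id"):
        print(h, "->", "verifies" if survives_relay(h) else "breaks")
```
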
