Greetings, * Slavko via mailop (mailop@mailop.org) wrote: > Dňa 3. marca 2023 17:03:35 UTC používateľ Jesse Hathaway via mailop > <mailop@mailop.org> napísal: > >2. Preserve the original DKIM signing of the message by only adding > >additional headers, i.e. do not modify the subject or add a trailer > >message.
This is what we do (for lists hosted on lists.postgresql.org). > This one will work only if sender doesn't oversigns List-* (or any other > added) headers, and some domains does it in regular mails... We've seen very very few (I'm not sure I specifically recally any..) List-* oversign cases. If we got those, I suspect we'd probably disable that user and ask them to try and fix their email system. > I was interesting in this, thus i log DKIM signed headers list (not from > ML) for some weeks, oversigned List-* headers are not common, but > happens. I'm curious where it does happen and isn't actually from a mailing list.. The List-* header would presumably be empty in that case and yet still included in the signature? I realize it's possible but ... ugh. * Mark Fletcher via mailop (mailop@mailop.org) wrote: > On Fri, Mar 3, 2023 at 9:21 AM Jesse Hathaway via mailop <mailop@mailop.org> > wrote: > > 1. Rewrite the RFC5322.From address to be an address from the mailing > > list domain, place the original RFC5322.From address in the Reply-To > > header. Sign the message with the mailing list's DKIM key. > > This is what we do. Our users nearly rioted at this idea, for good reason, imv. > 2. Preserve the original DKIM signing of the message by only adding > > additional headers, i.e. do not modify the subject or add a trailer > > message. > > This was never an option for us, as our users want a subject tag and > including a footer with an unsubscribe link is table stakes for a mailing > list. Not being able to have an unsubscribe link is annoying but we've been pretty successful having a List-Unsubscribe header that a lot of mail clients recognize and will utilize to make a button to perform the unsub using. Getting that to happen on more would be interesting to us- if anyone has info about how to specifically do that, please feel free to pass that along. > > Does anyone have any knowledge on which methodology is the most > > successful for ensuring delivery. > > I can't tell you if #2 ensures better delivery, but even doing option #1 > gotchas abound. Many domains, regardless of DMARC policy, do not like it if > you send them an email with an RFC5322.From containing their own domain, > for example. All messages to Outlook 365 domains need their > Froms re-written. Many Exchange servers are set to silently drop messages > unless you re-write From lines. On several occasions I have considered just > re-writing ALL From lines, regardless of DMARC policy, but that is really > not wonderful and when asked, our users were against that idea. Only see one obvious office 365 user on our lists and their domain (as this would be domain specific, no..?) doesn't have a DMARC policy. That said, I do feel like we have pretty good delivery using approach #1. Admittedly, we aren't as big as others and our users are pretty technical. I'm fairly confident we deliver to a lot of exchange servers though successfully and looking at domains that end up delivered to outlook.com servers, there's certainly some with DMARC reject policy that we successfully deliver to without any rewriting of the RFC5322.From address. > It's a maze of twisty little passages... Indeed. > We have to keep a list of domains that require special re-writing, which is > updated by hand when people complain about deliverability issues. ... ew. Thanks, Stephen
signature.asc
Description: PGP signature
_______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
