Greetings, * Slavko via mailop (mailop@mailop.org) wrote: > Dňa Mon, 6 Mar 2023 17:41:45 -0500 Stephen Frost via mailop > <mailop@mailop.org> napísal: > > > I was interesting in this, thus i log DKIM signed headers list (not > > > from ML) for some weeks, oversigned List-* headers are not common, > > > but happens. > > > > I'm curious where it does happen and isn't actually from a mailing > > list.. The List-* header would presumably be empty in that case and > > yet still included in the signature? I realize it's possible but ... > > ugh. > > I agree and i consider this as "ugh" too. IMO if message is not from ML > these headers does not construct core of message ;-) > > Initially i noticed it in my job's email. I didn't see server config > nor know its signing software, thus i can guess only, but IMO it comes > from exim -- i roughly remember that from some headers in past. > > By default exim (4.94) uses this list of headers to sign: > > > ...:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive > > That means, that exim signs all occurrences (not over sign) and > nonexistence of these headers. exim provides second list of headers, it > is exactly the same, but over signs all these headers, thus things are > the same (in this topic). That means that in both default cases, all > these headers are always included in signature. > > Try to guess how many exims uses one of these defaults? IMO, that will > not be negligible...
I just went through and did a review of a few years of email to the PostgreSQL mailing lists and while it wasn't completely scientific (using grep mainly and not some proper processing), I found only two messages that arrived to any of the lists that I'm on (which is all the big ones and most of the others) that had a 'List.*' header in a 'h=' line and one of those was clearly a bit of spam that got through. Certainly doesn't seem to be a common issue. Thanks, Stephen
signature.asc
Description: PGP signature
_______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop