On Sun, Feb 15, 2026 at 01:02:40AM +0100, Steffen Nurpmeso wrote: > Crystal Kolipe via Mutt-dev wrote in > <[email protected]>: > |On Sat, Feb 14, 2026 at 11:35:03AM +0800, Kevin J. McCarthy wrote: > |> Now that we're back to applying patches from the mailing list, I have a > |> question about technique. > |> > |> The Mutt mailing lists have "dmarc_moderation_action" set to "Munge \ > |> From", > |> which means when a sender's domain has a DMARC Reject/Quarantine \ > |> Policy set, > |> the mailing list rewrites the From address. > |> > |> Without this, a fair number of receivers bounce the message, which \ > |> ends up > |> unsubscribing them eventually. > | > |If the senders are including valid DKIM headers, and the MX of the \ > |subscribers > |is capable of verifying them, then the messages should pass DMARC Reject. > | > |So maybe only rewrite the From address if the sender doesn't sign the \ > |original > |message? And of course, don't strip the DKIM headers from the original \ > |post > |when not re-writing. > > To remark that there are people that sign List-* headers, even though > they shouldn't (IETF art director of time saying in [1] (said headers) > If Jim's server is signing List-* fields for a message that hasn't gotten > to a list yet, that seems like it guarantees this message will have DKIM > problems.
Signing a non-existant header field is explicitly permitted by RFC 6376 5.4. The effect is to cause DKIM verification to fail if that field is added afterwards. Usually that's not what you want when deliberately posting to lists that use List-* fields themselves. I guess some senders might plausibly be using it to prevent private non-list mails being directly bounced to public lists by one of the original recipients, although that seems like a niche case.
