On Mon, Feb 01, 2016 at 09:47:25PM -0300, Raphaël wrote: > Laposte.net should probably avoid "b=" and "bh=" DKIM fields which are > unsuitable for mailing-list consumption where email body (esp. footer) > modifications are to be expected. Checking a couple of headers seems an > acceptable trade-off.
Even better, using the DKIM l=<N> field to limit signature scope to the first <N> bytes of the message's body [1]. With N being the length of the body, it would pass DMarc test since mailing-list robots usually only append message. [and an attacker would be given append-only modification permissions] This options deals exactly with mailing-lists robots as shown by the documentation of OpenDKIM [2] which provide the BodyLengthDB option for this purpose. [1] https://www.ietf.org/rfc/rfc6376.txt (sect 3.5) [2] http://www.opendkim.org/opendkim.conf.5.html _______________________________________________ OfflineIMAP-project mailing list: [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/offlineimap-project OfflineIMAP homepages: - https://github.com/OfflineIMAP - http://offlineimap.org
