* Matus UHLAR:
Modifying the "From" header is pretty much guaranteed to break
existing
DKIM signatures [...]
many mailing lists modify the "From:" header in order to create their
own DKIM signature pass and conform to DMARC.
On 26 Mar 2019, at 13:09, Ralph Seichter wrote:
Hence I wrote "break existing DKIM signatures".
On 26.03.19 13:22, Bill Cole wrote:
Which is not a bad thing, in this context.
The problem is that most mailing lists routinely break DKIM signatures
anyway.
usually when they prepend Subject with a text (e.g. list id).
Often they don't break DKIM.
When they do so without changing the From header, senders in
domains with a policy (p=) value in their DMARC record other than
"none" are at high risk of having their list postings rejected or
quarantined by sites honoring DMARC policies. If the address in the
From header does not align with the domain value in the DKIM-Signature
header, the DMARC policy of the signing domain is irrelevant.
if the mailing list doesn't modify existing headers, DKIM signatures are
valid but they don't align, so DMARC policy is violated.
DMARC sucks pretty much.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I intend to live forever - so far so good.
