Hi all,
As a prelude to a larger mailing list fixing project[1], I would like to
start by fixing the configuration of the `@community.apache.org` mailing
lists, which invalidate the DKIM authenticity checks of the messages I
send to this and other `@community` lists.
I would like to open an INFRA ticket to:
1. Remove the 3-line footer that `ezmlm` adds to all messages in this
list. DKIM[2] signatures always include the body of the message and each
modification invalidates the signature.
2. If technically possible, disable the rewriting of the `Reply-To`
headers. While DKIM only requires the `From` field to be signed, in
practice `Reply-To` is also signed by my e-mail provider, even when the
header is absent from the original message. I can obviously work around
the problem by setting `Reply-To: security-discuss@community.apache.org`
myself, but this is not possible in some e-mail clients.
The purpose of these changes would be to guarantee that all the
subscribers of the mailing list receive all the messages sent to it. The
fate of each message depends on the DMARC policy[3] published by the
sender's domain. If you use a personal domain, you can pretty much
ensure that the policy is `none`, but for company domains the choice
is not up to you.
What do you think?
Piotr
[1] https://lists.apache.org/thread/nnjzfxxz08obkvybqd7z7b8x8mzrw3y4
[2] https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail
[3] https://en.wikipedia.org/wiki/DMARC
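
The effect described in item 1, as an added example that is not part of the original message: it computes the DKIM body hash (the `bh=` tag) under the `simple` and `relaxed` body canonicalizations of RFC 6376 and compares the body as signed with the body as delivered. The sample body, the footer text and the function names are constructed for illustration.

```python
import base64
import hashlib
import re

# Constructed sample: the body as signed by the sender's provider,
# and a three-line footer of the kind a list manager appends.
ORIGINAL_BODY = b"Hi all,\r\nplease review the proposal.\r\n\r\nPiotr\r\n"
LIST_FOOTER = (
    b"-----\r\n"
    b"To unsubscribe, e-mail: list-unsubscribe@example.org\r\n"
    b"For additional commands, e-mail: list-help@example.org\r\n"
)

def canon_simple(body: bytes) -> bytes:
    """RFC 6376 3.4.3: drop trailing empty lines, end with exactly one CRLF."""
    return re.sub(rb"(\r\n)*\Z", b"", body) + b"\r\n"

def canon_relaxed(body: bytes) -> bytes:
    """RFC 6376 3.4.4: collapse runs of whitespace, strip line-end
    whitespace, drop trailing empty lines (an empty body stays empty)."""
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ")
             for ln in body.split(b"\r\n")]
    while lines and lines[-1] == b"":
        lines.pop()
    return b"".join(ln + b"\r\n" for ln in lines)

def body_hash(body: bytes, canon=canon_relaxed) -> str:
    """Value a signer places in bh= (SHA-256, base64) for this body."""
    return base64.b64encode(hashlib.sha256(canon(body)).digest()).decode()

def bh_survives(signed: bytes, delivered: bytes, canon=canon_relaxed) -> bool:
    """True if a verifier recomputing bh= on the delivered body gets a match."""
    return body_hash(signed, canon) == body_hash(delivered, canon)

if __name__ == "__main__":
    cases = {
        "unchanged": ORIGINAL_BODY,
        "extra trailing blank lines": ORIGINAL_BODY + b"\r\n\r\n",
        "whitespace re-flowed": ORIGINAL_BODY.replace(b" the ", b"  the\t"),
        "list footer appended": ORIGINAL_BODY + LIST_FOOTER,
    }
    for name, delivered in cases.items():
        print(f"{name:28} simple={bh_survives(ORIGINAL_BODY, delivered, canon_simple)!s:5} "
              f"relaxed={bh_survives(ORIGINAL_BODY, delivered)}")
```

Neither canonicalization tolerates appended text: only whitespace-level changes survive, and only under `relaxed`.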