[ietf-dkim] Mailing lists as 2822-Sender
mike at mtcc.com
Tue Dec 4 11:47:42 PST 2007
Mark Martinec wrote:
> I'm observing regular cases of originator signature breakage
> by mailing lists which DO NOT modify mail body or header in
> intrusive ways. This happens every time the poster included
> a Sender header field in its original posting, and then sign it.
> A mailing list which replaces the original Sender by its own
> causes a signature breakage, quite unnecessarily.
> Unfortunately the RFC 4871 wants a Sender signed:
> The following header fields SHOULD be included in the signature,
> if they are present in the message being signed:
> o From (REQUIRED in all signatures)
> o Sender, Reply-To ...
> and RFC 2822 only allows one instance of a Sender header field.
> It would be nice to have a clear guideline on what a mailing list
> should do with a Sender, and/or a guideline that DKIM should not sign
> the Sender field if message is intended for posting.
This is a good point. What I do is _not_ sign Sender: if it is
not present in the message. Thus a mailing list that inserts Sender
won't break the first party signature. This seems to work pretty
well in real life.
More information about the ietf-dkim