ADMIN: Some mail addresses are now rewritten

Bill Broadley bill at
Thu Mar 16 04:46:53 CET 2017

On 03/11/2017 09:27 AM, Werner Koch wrote:
> Hi!
> You may have noted that the From address has been rewritten to show the
> list address instead of your address.  In addition a reply-to header has
> been set so that your address is also known. 

IMO reply should go to the send and reply-list/group reply should go to the
list.  Sure people make mistakes, but it's still the most reasonable behavior.

> The reason for this is that some mail sites now have a DMARC reject
> policy which leads to a bounce for all subscribers whose mail provider
> honors this DMARC policy - for example gmail.  After a few bounces
> message delivery to those subscribers will blocked by our Mailman.

I've been dealing with this.  After watching these kinds of problems in multiple
environments I think what should happen with mailman, dkim, SPF, etc is:
A) If mailman is going to leave DKIM headers intact then the email should be
   forwarded without modifications to the body/signature.  So readers of the
   mailing list should be able to DKIM verify the centor
B) if mailman is going to modify the email then it should:
   1) resign with it's DKIM key (for in this case)
   2) allow mailing list users to set a flag saying "Do not accept email
      from me unless properly signed with DKIM"
   3) Upon finding properly signed DKIM messages that will be stripped/resigned
      mailman should add a new header.  DKIM-verified-by-mailman or similar.

I realize this isn't the best place to discuss such things, but welcome any
input.  I'm watching the mailman list, on a #dmarc IRC channel, or similar.  But
finding a place that discusses standards that impact so many different pieces is

> The problem with this rewriting is that it breaks quoting.  For example
> here is how I would have replied to Jeff's test mail:
>   On Sat, 11 Mar 2017 15:02, gnupg-users at said:
>   > Just a simple test message as asked by Werner to test something…
>   Thank you.
> Thus I think marking the address invalid would have been a better choice
> for Mailman - but there is no option for this yet.

Not sure I follow, I hit group reply in Thunderbird and at the top of this
message is:

On 03/11/2017 09:27 AM, Werner Koch wrote:
> Hi!

Which is exactly what I expected.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20170315/0482def4/attachment.sig>

More information about the Gnupg-users mailing list