OT: DKIM signatures on email messages from lists.gnupg.org

Konstantin Ryabitsev konstantin at linuxfoundation.org
Mon Jun 12 21:24:54 CEST 2023


On Mon, Jun 12, 2023 at 06:45:37PM +0200, Alessandro Vesely via Gnupg-users wrote:
> > What the list-software would need to do is to strip the original DKIM signature
> 
> Why?  Original signatures can often be recovered.  They shouldn't be removed
> anyway.

If list-software is doing something to make the DKIM signature no longer
verify, it must remove the DKIM signature or rewrite the From: header to
change alignment.

> > or to not modify the message (at least not the designated header lines,
> > and the body). More info here:
> >      https://begriffs.com/posts/2018-09-18-dmarc-mailing-list.html
> 
> 
> Omitting subject tag and footer seems to me to be worse than From: munging.

No it isn't. Changing the subject and adding the footer is a damaging
anti-pattern from the mid-nineties. If the end-user wants to filter mail, they can
do it based on the List-Id header or any other criteria. Lists that still do
this in 2023 need to be updated to no longer do this.

> I'd definitely recommend ARC, not the conceptual Mailman 3 version.
> However, most receivers are not yet prepared to accept it.

ARC is just adding more things to the chain that you must explicitly trust.
It's basically an assurance from the remailer that "oh, btw, I checked this
message and its DKIM was good, trust me." It's useful for the huge mail
providers like Yahoo/Gmail/Outlook, but standing up your own ARC-signing
infrastructure is largely just wasting cycles.

-K
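
The check behind "doing something to make the DKIM signature no longer verify", as an added example that is not part of the original message: it compares the parts covered by the original signature (the `h=` headers and the canonicalized body) before and after list processing. The function names and sample messages are constructed for illustration, and no cryptographic verification is performed.

```python
import re
from email import message_from_string

def parse_tags(sig):
    """Split a DKIM-Signature value into tag=value pairs (RFC 6376 tag-list)."""
    pairs = (t.split("=", 1) for t in sig.split(";") if "=" in t)
    return {k.strip(): re.sub(r"\s+", "", v) for k, v in pairs}

def canon_header(value, mode):
    # relaxed: unfold and collapse whitespace; simple: compare as-is
    return re.sub(r"\s+", " ", value).strip() if mode == "relaxed" else value

def canon_body(raw, mode):
    lines = raw.split("\r\n\r\n", 1)[1].split("\r\n")
    if mode == "relaxed":
        lines = [re.sub(r"[ \t]+", " ", ln).rstrip(" ") for ln in lines]
    while lines and lines[-1] == "":      # trailing empty lines are ignored
        lines.pop()
    return "".join(ln + "\r\n" for ln in lines)

def what_breaks(original, relayed):
    """Return the signed parts (h= headers, body) that differ after list processing."""
    o, r = message_from_string(original), message_from_string(relayed)
    tags = parse_tags(o["DKIM-Signature"])
    hmode, _, bmode = tags.get("c", "simple/simple").partition("/")
    bmode = bmode or "simple"
    # Conservative: compares every instance of each signed header.
    broken = [n.lower() for n in dict.fromkeys(tags["h"].split(":"))
              if [canon_header(v, hmode) for v in o.get_all(n, [])]
              != [canon_header(v, hmode) for v in r.get_all(n, [])]]
    limit = int(tags["l"]) if "l" in tags else None   # l= limits the hashed body
    if canon_body(original, bmode)[:limit] != canon_body(relayed, bmode)[:limit]:
        broken.append("body")
    return broken

# Constructed sample messages; bh= and b= are placeholders.
ORIGINAL = "\r\n".join([
    "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.org; s=sel;",
    " h=from:to:subject:date; bh=PLACEHOLDER; b=PLACEHOLDER",
    "From: alice@example.org", "To: list@example.net",
    "Subject: DKIM question", "Date: Mon, 12 Jun 2023 18:00:00 +0200",
    "", "Hello list.", ""])
MUNGED = ORIGINAL.replace("Subject: ", "Subject: [list] ") + "-- \r\nlist footer\r\n"
CLEAN = "List-Id: <list.example.net>\r\n" + ORIGINAL   # only adds an unsigned header

if __name__ == "__main__":
    for name, msg in (("munged", MUNGED), ("clean", CLEAN)):
        broken = what_breaks(ORIGINAL, msg)
        print(name, broken or "unchanged", "-> strip or rewrite From:" if broken else "")
```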


