OT: DKIM signatures on email messages from lists.gnupg.org

Steffen Nurpmeso steffen at sdaoden.eu
Tue Jun 13 23:50:03 CEST 2023

Alessandro Vesely wrote in
 <8fe44a06-cb26-db9b-bf9a-8251baf560b4 at tana.it>:
 |d= is not aligned.  Really, you gain nothing by removing DKIM-Signature:
 |except saving a few bytes.

Most non-spam non-patch messages i see have an exorbitant text /
header data relation.  I could not tell names now (i use

  headerpick save ignore '^Delivered-To$' '^Envelope-To$' '^Original-.*$' '^X-.*$' '^ARC-.+$' '^Authentication-Results$' '^DKIM.+$' ^X- ^IronPort ^MGA ^Spam '^(Accept|Content)-Language' ^Thread-

) but there exist universities and organizations with baffling
internal email infrastructures, and each of those hops performs
spam checks, DKIM+ verification, and -signing.  Over, and over,
and over again.  (Where i would then, likely, use a (WireGuard)
VPN, or plain TLS with client certificates, to do the internal
hops.  But, you know, there is wiiind, there is sooollarrr, and
for now there are plenty of nuclear plants, too.  Just my one cent.)

 |The Sender: field was considered in Microsoft's Sender ID (RFC 4405),
 |which has been competing with SPF for some time in the past.  Every now
 |and then proposes that DMARC should consider it too[*].  A receiver
 |cannot verify that a self-appointed Sender is authorized to send
 |messages on behalf of a bank or whoever it tries to impersonate.

The very much appreciated Dave Crocker, who has been in email for i think
45 years or more, added RFC 9057 Author:, which is worth reading
when talking about this topic.
Unfortunately the get-the-job-done-for-money people who caused all
the mess do not seem to care for it.  They do not care for the
email infrastructure at all, which finally (for me) brings back
the claims of the nonseriousity of email.
Maybe an interesting further data point: i have read today in an
Austrian magazine that the EU wants to have access to Signal and other
messengers aka decryption possibilities ([1], says it abstracts

  [1] https://www.derstandard.at/story/3000000174315/eu-staaten-beharren-mehrheitlich-auf-anlassloser-messenger-ueberwachung
  [2] https://netzpolitik.org/2023/staendige-vertreter-eu-staaten-wollen-chatkontrolle-trotz-warnung-ihrer-juristen/#netzpolitik-pw

|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)
|..and in spring, hear David Leonard sing..
|The black bear,          The black bear,
|blithely holds his own   holds himself at leisure
|beating it, up and down  tossing over his ups and downs with pleasure
|Farewell, dear collar bear
