On Fri, Jun 19, 2015 at 12:24 AM, Mike Hearn wrote: > The new list currently has footers removed during testing. I am not >> pleased with the need to remove the subject tag and footer to be more >> compatible with DKIM users. >> > > Lists can do what are effectively MITM attacks on people's messages in any > way they like, if they resign for the messages themselves. That seems fair > to me! :) > Mailman isn't resigning it. Should it be? Does other mailing list software? > > >> I'm guessing DKIM enforcement is not very common because of issues like >> this? >> > > DKIM is used by most mail on the internet. DMARC rules that publish in DNS > statements like "All mail from bitpay.com is signed correctly so trash > any that isn't" are used on some of the worlds most heavily phished domains > like google.com, PayPal, eBay, and indeed BitPay. > > These rules are understood and enforced by all major webmail providers > including Gmail. It's actually only rusty geek infrastructure that has > problems with this, I've never heard of DKIM/DMARC users having issues > outside of dealing with mailman. The vast majority of email users who never > post to technical mailing lists benefit from it significantly. > > Really everyone should use them. Adding cryptographic integrity to email > is hardly a crazy idea :) > I understand the reason to protect the "heavily phished" domains. I heard that LKML does not modify the subject or add a footer, perhaps because it would make it incompatible with DKIM of the several big corporate domains who participate. I suppose it is somewhat acceptable for us to remove subject tags and footers if we have no choice... Warren