There is a work around for Mailman 2.1.17 and newer (older versions don't have ANONYMOUS_LIST_KEEP_HEADERS). Copy ANONYMOUS_LIST_KEEP_HEADERS from Defaults.py to mm_cfg.py if it's not already there. You will then have something like the following (possibly edited by you already). ANONYMOUS_LIST_KEEP_HEADERS = ['^(?!x-)', '^x-mailman-', '^x-content-filtered-by:', '^x-topics:', '^x-ack:', '^x-beenthere:', '^x-list-administrivia:', '^x-spam-', ] In this list, replace the first line with ANONYMOUS_LIST_KEEP_HEADERS = [ '^((?!x-)(?!dkim)(?!authentication)(?!domainkey))', '^x-mailman-', and keep the next 4 lines as is. I.e., you are just replacing '^(?!x-)' with '^((?!x-)(?!dkim)(?!authentication)(?!domainkey))' ** Description changed: - Headers DKIM-Signature:, DomainKey-Signature: and Authentication-Results - are not removed by default from mail to an anonymous list. These headers - can reveal the sending domain. + Headers DKIM-Signature:, DomainKey-Signature: and Authentication- + Results: are not removed by default from mail to an anonymous list. + These headers can reveal the sending domain. -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1444673 Title: Anonymous lists can expose the sending domain. To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1444673/+subscriptions