[Mailman-Developers] dkim-signature headers

Mark Sapiro msapiro at value.net
Fri Feb 2 00:06:25 CET 2007


Michael Thomas wrote:
>
>Yes, there's no question that mailman as well as lots of other software
>can destroy signatures. In practice as people seem to actually use them,
>it is more theoretical than real. We've been running DKIM signers/verifiers
>for going on a year now and the 99% I quoted is across a 25000 user
>population which probably uses mailing lists far more than most similarly
>sized companies.


I'm sure your statistics are valid for your environment, but I'm not
sure that they are universally applicable. Consider what I think is a
fairly typical situation exemplified by mailman-users at python.org. I
don't know what fraction of incoming posts to this list are
multipart/alternative with text/plain and text/html alternative parts,
but I see many just from people who Cc: me directly.

It would be a fairly simple matter to go through the .mbox archive for
any list that has one and count the number of X-Content-Filtered-By:
Mailman/MimeDel and compare that to the number of messages. In fact, I
just did that for a cycling club discussion list I managed, and just
over 20% of the messages had content removed. Since the most common
result of this is to throw away a text/html part and collapse the
message to a single part, I submit that this will break a significant
number of signatures.

Now if the only result of this were that the recipient's MTA/MUAs
considered these messages to be unsigned, that would be OK, but my
understanding is that in some cases at least, these messages are
either discarded or flagged as having invalid signatures. Either of
these alternatives is not good. The former discards wanted messages,
and the latter trains recipients to ignore the fact that signatures
are invalid.

That said, it would be a simple matter to make the removal of these
signature headers a site option (or even a list option, but I think a
site option is more appropriate).

It would be better still to be able to make Mailman play better with
DKIM so that we wouldn't have to break or remove signatures.

I note that Joe is one of the people who first identified the need to
remove these headers. Perhaps together, we can find a better way.

See
<http://sourceforge.net/tracker/index.php?func=detail&aid=1287546&group_id=103&atid=300103>
for some discussion.

-- 
Mark Sapiro <msapiro at value.net>       The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
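
The archive count described in the post, as an added example that is not part of the original message or of Mailman's code: it counts messages in an .mbox file that carry X-Content-Filtered-By: Mailman/MimeDel. Going beyond the post, it also counts how many of those still carry a DKIM-Signature or DomainKey-Signature header. The sample archive, the function names and the version string are constructed for illustration.

```python
import mailbox
import os
import tempfile

SIG_HEADERS = ("DKIM-Signature", "DomainKey-Signature")

# Constructed archive, not real traffic; signature and version values are placeholders.
SAMPLE_MBOX = """\
From alice@example.org Thu Feb  1 10:00:00 2007
From: alice@example.org
DKIM-Signature: v=1; a=rsa-sha256; d=example.org; s=sel; bh=PLACEHOLDER; b=PLACEHOLDER
X-Content-Filtered-By: Mailman/MimeDel 2.1.9

text/html alternative removed, message collapsed to one part

From bob@example.net Thu Feb  1 11:00:00 2007
From: bob@example.net
X-Content-Filtered-By: Mailman/MimeDel 2.1.9

unsigned, but also filtered

From carol@example.com Thu Feb  1 12:00:00 2007
From: carol@example.com
DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel; bh=PLACEHOLDER; b=PLACEHOLDER

signed, plain text, untouched
"""

def count_filtered(path):
    """Return (total, filtered, filtered_and_signed) for an mbox file."""
    total = filtered = filtered_signed = 0
    box = mailbox.mbox(path, create=False)
    for msg in box:
        total += 1
        marks = msg.get_all("X-Content-Filtered-By", [])
        if any("Mailman/MimeDel" in str(m) for m in marks):
            filtered += 1
            # Only meaningful if the archive kept the signature headers.
            if any(msg.get(h) is not None for h in SIG_HEADERS):
                filtered_signed += 1
    box.close()
    return total, filtered, filtered_signed

def demo():
    """Write the constructed archive to a temporary file and count it."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "list.mbox")
        with open(path, "w", newline="\n") as f:
            f.write(SAMPLE_MBOX)
        return count_filtered(path)
```

On a real archive, call count_filtered() with the path to the list's .mbox file; filtered divided by total gives the fraction of messages that had content removed.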

