[Mailman-Developers] feature request: one-click setting to preserve DKIM

[Monica Chew]

Hi Ian,

On Wed, Jan 4, 2012 at 5:23 AM, Ian Eiloart <iane at sussex.ac.uk> wrote:
>
> When a message comes from a Mailman mailing list, the headers carry far more useful identifying information than the From: header. In fact, the purported sender isn't in the From: header, it's in the List-ID: header. It would be better if mail clients (like Gmail's web client) would display this more prominently than the From header. Also, it would be good if lists DKIM signed messages with d= value matching the List-ID header.
>
> Then, the Gmail interface could indicate that the List-ID header was verified, but the From header wasn't.

I agree that mailing list management needs a serious overhaul in the
UI, for Gmail and for other clients.

> Now, if Gmail also prominently exposed the list-unsubscribe header, then the EU regulations on marketing messages would be satisfied. In my view, hiding the unsubscribe information in a menu isn't enough to satisfy the "easy to use" requirement, though it seems that Gmail does better than most vendors in this respect.

The exposure is more than in the menu dropdown. If the message comes
from a mailing list with good reputation, and the user clicks "Report
spam", then Gmail offers to send an unsubscribe message to the mailto
address in List-Unsubscribe. The reason we have the reputation check
is that we do not want spammy senders to use the unsubscribe emails
for list washing.

http://gmailblog.blogspot.com/2009/07/unsubscribing-made-easy.html

> Finally, if Mailman allowed users to choose whether to get the footer added, and subject munged, then Gmail users might avoid these issues anyway. Mailman might provide a list of domains for which this was the default behaviour, and site admins should be able to manage such a list. Mailman might even provide updates for this list. Of course, it's complicated: for example I use Gmail, but with a vanity domain. And then I use the IMAP interface with a client that doesn't expose list headers.
>
> My view is that a one-click setting to preserve DKIM might be useful, but it should carry a health warning saying something like: "If you're an organisation in the EU, and this list helps to promote your organisation, or keep people in touch with your organisation, then selecting this option may be in breach of your country's mail privacy laws." In fact, it may be illegal if you simply have a list subscriber in the EU.

Hmm, this seems difficult to enforce. How would I know if a list
subscriber were in the EU? Even if the member address were obviously
not hosted in the EU, it could easily forward to an EU address.

Thanks,
Monica