[Mailman-Users] DMARC handler
Stephen J. Turnbull
stephen at xemacs.org
Sun Jun 22 15:22:17 CEST 2014
Bjoern Franke writes:
> Am Sonntag, den 22.06.2014, 13:33 +1000 schrieb Peter Shute:
> > Yahoo Groups also add something like this in a footer:
> > "Posted by: a real name a-name at a-domain.co.uk"
> > and a series of mailto links below that for replying to the original sender or to the group.
> Well, won't this break DKIM?
DKIM provides *no* policy, except that verifiers should draw the same
conclusions from an invalid signature that they would from the absence
of that signature. So this question really means "Will there be a
valid DKIM signature?" And the answer is "Yes -- the signature by
Yahoo! Groups' own MTA will be valid". Other signatures may be
invalid, but according to DKIM they should be ignored.
Perhaps you meant "won't this break DMARC?" and again the answer is
(perhaps more surprisingly), "no"! The reason is that the mailbox in
From: is @yahoo (or @yahoo-groups or something like that), and that
MTA will DKIM sign after corrupting From: and adding that footer.
This signature will be valid, and the domain in the mailbox in From:
and the signing domain will be the same, and thus will accepted by a
recipient participating in DMARC.
The only problem is that anything Yahoo! Groups can do, the spammers
and phishers can do too. (And of course that it violates RFC 5322.)
 There are caveats to this, of course -- we *are* talking about
*Internet mail*, where *anything* can happen and eventually does.
More information about the Mailman-Users