[Mailman-Users] non-subscribers getting through--email address in "Real Name"
Mark Sapiro
mark at msapiro.net
Thu Jul 19 18:16:16 EDT 2018
On 07/19/2018 02:37 PM, Grant Taylor via Mailman-Users wrote:
>
> I'd argue that it's best to:
>
> 1) Do all the typical DMARC, DKIM, SPF, etc. filtering on email inbound
> to the mail server.
> 2) Strip DKIM (related) headers from messages going into Mailman.
Mailman can be configured to remove DKIM related headers from incoming
mail before sending. When first implemented, this was done
unconditionally. There were strenuous objections, see the thread at
<https://mail.python.org/pipermail/mailman-developers/2007-February/019346.html>,
and removal was made conditional on REMOVE_DKIM_HEADERS which defaults
to No.
The bottom line is that the DKIM standard (RFC 6376) says that invalid
signatures SHOULD NOT be treated differently fro no signature, and
people feel the invalid signature may have forensic value.
> 3) ...Mailman w/ DMARC friendly settings...
> 4) Apply new DKIM signatures as messages leave the mail server.
--
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
More information about the Mailman-Users
mailing list