cypherpunks administrivia: no more reply-to header stripping
Folks, Until now, mailman has been stripping Reply-To: headers from messages to the list. I've just turned this off. Some webmail services (notably, Yahoo!) set the Reply-To: header and include it in the headers signed with DKIM. Stripping Reply-To: thus breaks the DKIM signature. In the case of Yahoo! this signature breakage is especially problematic, because their DMARC policy is set to reject. (In other words, messages with yahoo.com in the From: header that fail both SPF and DKIM should be rejected by compliant mail services, e.g., AOL, Gmail, Hotmail, Yahoo!) Messages to the mailing list should pass SPF, since the envelope sender domain for list messages is cpunks.org and I publish an appropriate spf RR. However, any list subscriber who forwards mail to another account will have broken SPF and an invalid DKIM signature, which trips the DMARC policy and causes delivery failures. I realize that this might cause some inconvenience, but I would prefer to err on the side of successfully delivering messages whenever possible. If you're using procmail and prefer the old behavior, the following recipe should suffice: :0H * ^list-id.*cypherpunks.cpunks.org | formail -IReply-To -=rsw
participants (1)
-
Riad S. Wahby