On Mon, Oct 23, 2023 at 07:23:23PM +0200, Markus Reschke via Exim-users wrote:
> When you check out the h tag of the DKIM signature header of the
> large email services you'll see that they usually have only a few
> signed headers (less processing load) and some oversign specific
> headers. E.g. gmail seems to oversign
> from:to:cc:subject:date:message-id:reply-to, and Yahoo
> From:Subject:Reply-To. Based on the DKIM RFCs and the current
> reality I'd say that exim's default for dkim_sign_headers is simply
> overkill and we should add a bunch of '=' prefixes, maybe a few '+'
> for essential headers.
I have been thinking about this all day, with increasing hopelessness
:-(
Is there even a "best practice" for mailing lists, what they do with
incoming DKIM signatures? I see that this list removes them, and it
really has no choice because it modifies the From header (and maybe
the Subject too, although I won't know about it because I hide it in
my MUA). But the postgres list must keep them, if they were a problem
in my messages.
As it is now, I'm inclined to just stop signing messages to lists.
--
Ian
--
## subscription configuration (requires account):
##
https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at
http://www.exim.org/
## Please use the Wiki with this list -
http://wiki.exim.org/