Hi Florian,
On 4/8/21 8:43 AM, [email protected] wrote:
all this is about domains, not local parts
This sounds like it would break variable envelope return path
techniques, unless a mailing list replaces the 5322.from, needlessly
breaking a valid DKIM signature from the original sender.
so, no, VERP should be possible if within the same domain.
Thank you for your response. I realize that I brought VERP into the
discussion even if this was not directly related to the main point I was
interested in.
Jaroslaw already asked what I actually was interested in, unfortunately
you did not reply to their email. Thus I'd like to bring up the question
again.
From my experience the 'Return-Path' of mailing lists usually does not
match the 'From' domain. The exception is DMARC mangling because the
mailing list modifies the email (e.g. by inserting a tag to the
'Subject' or a message footer), thus breaking a valid DKIM signature of
the original sender.
Let me ask specifically with 2 examples from which I expect a modern,
high quality email infrastructure.
1. Postfix mailing list (from 2019, I do not have newer examples,
because I unsubscribed):
(https://marc.info/?l=postfix-users&m=156658856615627&w=2)
Return-Path: <[email protected]>
*snip*
Authentication-Results: chrono.xqk7.com;
dkim=pass (2048-bit key; unprotected) header.d=bastelstu.be
[email protected] header.b="YycB/FJw";
dkim-atps=neutral
Received: from camomile.cloud9.net (camomile.cloud9.net [IPv6:2604:8d00:0:1::3])
(using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits))
(No client certificate requested)
by chrono.xqk7.com (Postfix) with ESMTPS id BA51F56
for <[email protected]>; Fri, 23 Aug 2019 19:28:33 +0000 (UTC)
*snip*
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bastelstu.be;
s=mail20171119; t=1566588502;
bh=aFqNJCiZq87bsBQpH89egLTm6cM+AbVh5bCGOKcvy/E=;
h=To:From:Subject:Date:From;
b=*snip*
To: [email protected]
From: =?UTF-8?Q?Tim_D=c3=bcsterhus?= <[email protected]>
Observations:
- The 'From' is my email address @bastelstu.be
- The 'Return-Path' is the mailing list @postfix.org
- The DKIM-Signature added by my mail server is valid, because the
Postfix mailing list does not modify my email in a relevant way
(preserving Subject, From, To and Body as-is).
Question: Do I understand correctly that this email would have been
rejected by T-Online.de with the new rules?
2. debian-stable-announce (from 2021):
(https://lists.debian.org/debian-stable-announce/2021/03/msg00000.html)
Return-Path: <bounce-debian-stable-announce*snip*@lists.debian.org>
*snip*
Authentication-Results: chrono.xqk7.com;
dkim=pass (2048-bit key; unprotected) header.d=adam-barratt.org.uk
[email protected] header.b="UTcHixw1";
dkim-atps=neutral
Received: from bendel.debian.org (bendel.debian.org
[IPv6:2001:41b8:202:deb:216:36ff:fe40:4002])
(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by chrono.xqk7.com (Postfix) with ESMTPS id 6712FF19
for <[email protected]>; Mon, 22 Mar 2021 22:26:30 +0000 (UTC)
*snip*
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=adam-barratt.org.uk; s=ab20190809; h=MIME-Version:Content-Type:Date:To:
Reply-To:From:Subject:Message-ID:Cc:Content-Transfer-Encoding:Content-ID:
Content-Description:In-Reply-To:References;
bh=jeFFgtFMvSSXQRDrQ1ThkT9bAYzkWiYZixtVehF2GbE=; b=*snip*
*snip*
From: "Adam D. Barratt" <[email protected]>
Observations:
- The 'From' is @adam-barratt.org.uk
- The 'Return-Path' is the mailing list @lists.debian.org
- The DKIM-Signature added by Adam's mail server is valid, because the
Debian List server does not modify Adam's email in a relevant way
(preserving a large number of headers, including Subject, From and To,
as well as the Body as-is).
Question: Do I understand correctly that this email would have been
rejected by T-Online.de with the new rules?
Best regards
Tim Düsterhus
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
