Developers of Sympa

[Daniel Black <address@concealed>]

All,

It was mentioned recently[1] that DKIM compatibility was a goal. To the 
spirit 
of DKIM I think that email list managers (intermediaries)[2] should have the 
option not to break DKIM signatures, I propose[3] that a global dkim_friendly 
= yes that will disable and hide options that break DKIM signatures. This is 
one way and entire domain can enforce a policy quickly and easily.

The list owner could set anonymous_sender which would once again enable all 
the DKIM breaking options. This is a reasonable tradeoff as modifying the 
source domain removed the burden of ADSP[4] verification. Once the signature 
is 
broken the deployment guide[2] says that the signature may be removed. I 
think 
this is a fair thing to do. Leaving the MTA to performing signing and 
verification is the also becomes easier once the anonymous_sender domain is 
one 
associated with the list instead of the sender.

Another option similar to anonymous_sender like mangle_sender, so the sender 
is recognizable to a human, however doesn't confirm to the sender real email 
address that would cause ADSP to fail (e.g. sympa-
address@concealed), could also have the same effect.

I'm interested in what others think.

[1]https://sourcesup.cru.fr/tracker/?func=detail&group_id=23&aid=4374&atid=170
[2] http://www.dkim.org/specs/draft-ietf-dkim-
deployment-03.html#rfc.section.8.4
[3] 
https://sourcesup.cru.fr/tracker/?func=detail&group_id=23&aid=3523&atid=167
[4] http://www.dkim.org/specs/draft-ietf-dkim-ssp-04.html
Daniel Black
--
Email/List Administrator
CAcert