Several users have complained for some time that our DMARC/DKIM handling
is not correct. I've recently had time to go study DMARC, DKIM, SPF,
SRS, and other tasty morsels of initialisms, and have thus made a change
to how Mailman handles DKIM signatures for the list:
If a domain advertises that it will reject or quarantine messages that
fail DKIM (through its DMARC policy in the DNS text record
_dmarc.<domain>), the message will be rewritten to be "From" ceph.io,
and SPF should be correct. I do not know if it will regenerate a DKIM
signature in that case for what is now it's own message. The From:
address will say something like "From Original Sender via ceph-users
<ceph-users@xxxxxxx> so it's somewhat clear who first sent the message,
and Reply-To will be set to Original Sender.
Again, this will only happen for senders from domains that advertise a
strict DMARC policy. This does not include gmail.com, surprisingly.
Let me know if you notice anything that seems to have gotten worse.
Next on the list is to investigate if DKIM-signing outbound messages, or
at least ones that don't already have an ARC-Seal, is appropriate and/or
workable.
_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx
