On Tue, Aug 13, 2024 at 10:18:14PM GMT, brian m. carlson wrote: > The article you linked still recommends DKIM. In addition, the article > I linked doesn't appear to limit itself to non-mailing lists in any way. > It says, "email senders", and a mailing list sends emails. In fact, it > explicitly mentions "[i]f you manage a forwarding service, including > mailing lists or inbound gateways," so it still appears to cover both > cases and apply to all senders, with only some additional requirements > applying to forwarding services. > > In general, adding DKIM (whether or not ARC is supported) _will_ > dramatically improve the deliverability of email in general, so it's a > win overall. Sorry, but this is not factually correct. Adding a DKIM signature to a message where the From: lists a different domain has no impact on anything at all when it comes to the chances of it being marked as Spam at google. E.g. your message has: From: "brian m. carlson" <sandals@xxxxxxxxxxxxxxxxxxxx> And it already has a DKIM signature for your domain. Adding another DKIM signature for vger.kernel.org will serve no purpose, because there is no alignment between "vger.kernel.org" and the domain in your From: address. In fact, we do add a cryptographic signature, but in the ARC record: https://lore.kernel.org/git/Zrvbpt3Fkl8yjesP@xxxxxxxxxxxxxxxxxxxxxxxxxxxx/raw It's from the overlord subspace.kernel.org domain, but it doesn't need to align with "vger.kernel.org". > Adding one-click unsubscribe would also probably keep some > of those unsubscribe messages from hitting the list since people could > automatically use the functionality of their mail client to unsubscribe. This is not possible without rewriting the From: header, which will break all patches. We cannot modify the message content or any of the main headers that are DKIM-signed (this bit is mentioned in the forwarder guidelines I linked to). > And from a personal point of view, it is definitely useful for me, as > someone who manages their own mail server, to heavily negatively score > all email without DKIM, but I can't do that because vger doesn't add > any. That's the only thing preventing me from doing that. There is a small subset of active git mailing list posters who send mail that is not DKIM-signed, for example Jeff King: https://lore.kernel.org/git/20240813124550.GC968816@xxxxxxxxxxxxxxxxxxxxxxx/raw However, signing their messages with a DKIM signature from vger.kernel.org will serve no purpose, unless we also rewrite the From: to match the vger.kernel.org domain. The From: field would need to be something like: From: Jeff King via Git Mailing List <foo+somemagic+peff.peff.net@xxxxxxxxxxxxxxx> This is called "From-munging" and is not acceptable on any mailing list that sends and receives patches, because this changes the Author of the patch. Thing is, this has nothing to do with vger, because if Jeff emails you directly and you set a high negative score for messages without a DKIM signature, you won't get his mail either. The fact that it traversed or didn't traverse vger.kernel.org has no impact on that. -K