Ángel wrote in <14341e304e23ff2bb276f727991228740c8bb470.camel@xxxxxxxxxx>: |On 2024-07-20 at 16:30 -0400, James Ralston wrote: |> The real issue here is that the Mailman configuration for the |> openssh-unix-dev list does not appear to set |> `dmarc_moderation_action` |> (in `Privacy options` - `Sender filters`) to either `Munge From` or |> `Wrap Message`, which is necessary for lists where ... | |"Necessary" if the client machines re going to penalize DMARC that way. | |If the clients recognised that the user is subscribed to that mailing |list and thus wouldn't penalise it as a forged mail, we wouldn't need |to change the mails to show a fake sender on From: i will never understand how the IETF can map that "one hop reputation" of for example DKIM .. to quote myself (ie "Organizational Trust" of RFC 5863) to entire message chains "over the corner" aka "many hops" (like ARC etc). But yes, if MUAs would give the user an option to wave through a chain of emails where each hop verifies and signs DKIM, and where DKIM would notify "i changed the message, it is useless to try to verify elder signatures", this would be fine. But it will likely nonetheless require From: changes (and if only for the others). The IETF has a nice approach with tables where you get the real name with <address@xxxxxxxxxx...> in From:. But that is complicated to do. (But *IF* ie GMail would allow this we could get rid of DMARC and ARC altogether etc, at least. That would be a good thing imho.) P.S.: that terribly to use port-knocker i posted had some bugs i have fixed in a 0.8.1; if you knock hard enough, it will do it for you. --steffen | |Der Kragenbaer, The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt) _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev