On Apr 3, 2025, at 09:10, Ed Leafe edleafe@gmail.com wrote:
Sending this from my gmail account to see if it posts correctly...
Well, it did and it didn't. I've read up a bit more, and it seems that since the list software doesn't change the 'From: ' header, the original DKIM auth headers should remain as-is. Likewise, since DKIM is based on the 'From: ' header's domain, the list shouldn't be adding a DKIM header for leafe.com http://leafe.com/, since it would only be valid on my posts. :-P
The only other option is to enforce DKIM validation on the posts to the list, and reject posts that fail. That would ensure that everything the list sends out passes DKIM auth for the recipients, but would limit the people who can post to the list. For example, Rick Shummer's recent post about Virtual Fox Fest contained no DKIM headers, and as a result several people reported that it was blocked by their mail system. I could configure my server to reject such posts, which is technically the correct solution, but not everyone has control over their email like I do.
Any thoughts? Leave things as-is, or enforce authentication on the senders?
-- Ed Leafe