
Am 11.09.25 um 20:38 schrieb Mark Sapiro:
On 9/11/25 10:03, Stephen J. Turnbull wrote:
I don't think Mark was suggesting that would help with the SPOOFED_UNAUTH problem. I read his mail as saying that it needs to be fixed because it breaks anonymous_list.
Exactly. Issue is now reported at https://gitlab.com/mailman/mailman/-/ issues/1241
In my tests, I sent an email via an anonymized list from an external list member who signed his emails with DKIM.
The email sent via the anonymized list still contained the DKIM header with the following information:
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmx.de; s=s31663417; t=1757947718; x=1758552518; i=medebb@gmx.de; bh=vcgwKHYW2uGBjO0+fBhuE4cVWQCtMNWYPsAtoVGcSpU=; h=X-UI-Sender-Class:Message-ID:Date:MIME-Version:To:From:Subject: Content-Type:Content-Transfer-Encoding:cc: content-transfer-encoding:content-type:date:from:message-id: mime-version:reply-to:subject:to; b=efMRr8yABy1/lYtU+rDbUup/kNJlirY6jaBCCMRbu1mHZG+6aa5jwk2+p7xSs2An WI4aVD5Dm5LsUjEz6VIFn7mYF6yy2h7DFoFFKaysbE4SEx8z1Vz23Ob0K9KnOlUgK fX7C+WS1Cr4rg0arSWN/OhRMHZUYwUv6q9Kk7FQcM+92UepNNsgnYNtI9NmGryL36 Ui536gOGLLqg7tpS/RkRYSvSYonHgvnsS2kM5VFdC8Ikyb6RC1Xzy5Nj3pO8xFy// 2xABTzbMuA3jnSTQ5PxlLUT7gg4c8c9WvW18+IAUIJKvedyfWgZnGRUxtDbiFKrDF sbX47CSb1jW6b3UPOg==
This means that both the domain and the email address of the original sender are included.
Don't all DKIM headers also have to be removed from anonymized lists?