I'm not seeing it

Posted Aug 3, 2025 18:10 UTC (Sun) by MarcB (guest, #101804)
In reply to: I'm not seeing it by laurent.pinchart
Parent article: The NNCPNET email network

Well, SPF only DMARC is pure evil. So yes, whoever does that deserves whatever happens.

The approach is basically a variation of the "... if you control the authentication settings of all domains sending to the list and then do not modify the mails" where "control" is replaced by "make requirements towards" or "make assumptions about".

But all in all it is fragile. As soon as any of the headers your list wants or needs to modify is signed, the mail will fail authentication.
For LKML it might work. Users and their employers should be tech savvy enough, but for others this is likely not true.

I'm not seeing it

Posted Aug 7, 2025 12:32 UTC (Thu) by nix (subscriber, #2304) [Link]

> As soon as any of the headers your list wants or needs to modify is signed

Konstantin said (and he's right):

> There should be no changes to any of the existing message headers and no modifications to the message body.

No adding [tags] to the Subject. No adding automatic .sigs. Just add List-Id et al, tweak the envelope sender, and forward on. It just works.