On 11/24/2015 07:55 PM, Tom Lane wrote:
> [snip]
> The clearly critical thing, though, is that when forwarding a message from
> a person at a DMARC-using domain, we would have to replace the From: line
> with something @postgresql.org. This is what gets it out from under the
> original domain's DMARC policy.
One possibility that comes to mind:
- Remove the sender's DMARC headers+signature **after thoroughly
checking it** (to minimize the amount of UBE/UCE/junk going in)
- Replace the sender's (i.e. 'From:' header) with
list-sender+munched-email@postgresql.org (VERP-ified address)
- Add the required headers, footers, change the subject line, etc
- DKIM-sign the resulting message with postgresql.org's keys before
sending it
> [snip]
>
> If Rudy's right that Gmail is likely to start using p=reject DMARC policy,
> we are going to have to do something about this before that; we have too
> many people on gmail. I'm not exactly in love with replacing From:
> headers but there may be little alternative. We could do something like
> From: Persons Real Name <nobody@postgresql.org>
> Reply-To: ...
> so that at least the person's name would still be readable in MUA
> displays.
Yup
> We'd have to figure out whether we want the Reply-To: to be the original
> author or the list; as I recall, neither of those are fully satisfactory.
Or just strip it, though that trump the sender's explicit preference
(expressed by setting the header)
I might be able to help a bit with implementation if needed.
/ J.L.