On Wed, Nov 25, 2015 at 2:16 AM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>
> I think that would put us in a situation where DKIM signatures would still
> pass, at least unless the source insisted on signing Sender: too.
Incidentally I'm confused about your concern about Sender. Sender has
almost no significance for email afaik. It has specified behaviour for
NNTP from whence it was copied but has no behaviour specified for
mail. It's supposed to be the actual account that generated the email
independent of how they want to appear. It's not clear how it's useful
but if it's useful for anything it's reporting abuse to webmail
providers so signing it seems sensible to me and I don't see any
reason for list software to be concerned with it at all.
Afaik MUAs have very little behaviour affected by them. Gmail displays
it (which generally only confuses people). Yahoo uses it to
authenticate mailing list management emails which prevents me from
unsubscribing from lists there. Older versions of Exchange actually
displayed it in preference to the From header whictih *really*
confused people but afaik that's no longer the case. At least I
haven't received any emails from Exchange users to my gmail account
directly in a long time.
--
greg
