[tlug] Note to server admins: you're breaking DKIM

["Stephen J. Turnbull" <turnbull.stephen.fw@example.com>]

Chris writes:

 > TLUG server admins,
 > 
 > You might want to consider stripping the DKIM headers from inbound
 > messages.

If it's not in the MUA, recent Mailman 2.1 has an option for doing
this, but it's not on by default because Mailman doesn't have a way of
knowing the signature won't verify, while if it doesn't verify it
SHOULD NOT[1] be removed[2] and SHOULD NOT be treated differently from
no signature at all[3].  (Yes, it's a good bet that the footer will
break it, but I've seen posts with a length limit on the text that do
verify in the wild.)

Pragmatically, I don't see how it can hurt to strip it, though.
Length limits are extremely rare, and spamcheckers that don't GAF
about their users' mail are everywhere.  (Personally I'd leave it in
so I can unsubscribe addresses at nonconforming sites that complain
about broken signatures, but that's just me. ;-)

I-learned-HOWTO-BOFH-from-my-little-sister-ly y'rs,

Steve



Footnotes: 
[1]  A pretty strong prohibition; see RFC2119.

[2]  RFC 4871 sec. 4.2.

[3]  RFC 4871 sec. 6.1.