[Rspamd-Users] dkim / oversign "sender" header

Vsevolod Stakhov vsevolod at rspamd.com
Sun Apr 21 14:11:02 UTC 2019


On 21/04/2019 11:50, Ralph Seichter wrote:
> * A. Schulze:
> 
>> Is "(o)sender" really a good default?
> 
> Definitely not, as the recent discussion on the Postfix mailing
> list clearly demonstrates. RFC 6376 [1] agrees:
> 
> "Signers SHOULD NOT sign an existing header field likely to be
> legitimately modified or removed in transit."
> 
> -Ralph
> 
> [1] https://tools.ietf.org/html/rfc6376#section-5.4
> 
Same RFC section:

For this reason, signing fields present in the message such as Date,
Subject, Reply-To, Sender, and all MIME header fields are highly advised.

Google signs `Sender`, and signing Sender is advised by the RFC, so I see no
reason not to sign this header. If your mailman rewrites this
header, then fix it.
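
The following is an added example, not part of the thread and not rspamd's code. It models the RFC 6376 section 5.4.2 header selection to show what oversigning `Sender` changes when a list manager adds that header in transit. The function names, the sample messages and the `(o)` spec parser are assumptions made for illustration, and a plain SHA-256 over the selected headers stands in for the real canonicalized, signed header hash.

```python
import hashlib

def h_tag(headers, spec):
    """Build the h= list from a spec such as "(o)from:sender".
    A plain name is listed once per existing instance; (o) adds one extra entry."""
    out = []
    for item in spec.split(":"):
        over = item.startswith("(o)")
        name = (item[3:] if over else item).lower()
        count = sum(1 for n, _ in headers if n.lower() == name)
        out += [name] * (count + (1 if over else 0))
    return out

def select_headers(headers, h_list):
    """RFC 6376 5.4.2: each name in h= consumes the next unused instance,
    counted from the bottom of the header block; a missing instance is null."""
    remaining = {}
    for name, value in headers:
        remaining.setdefault(name.lower(), []).append(value)
    picked = []
    for name in h_list:
        stack = remaining.get(name, [])
        picked.append((name, stack.pop() if stack else None))
    return picked

def header_digest(headers, h_list):
    """Simplified stand-in for the signed header hash (no canonicalization, no RSA)."""
    digest = hashlib.sha256()
    for name, value in select_headers(headers, h_list):
        if value is not None:
            digest.update(f"{name}:{value.strip()}\r\n".encode())
    return digest.hexdigest()

def survives(spec, signed_msg, delivered_msg):
    """True if the header hash computed at delivery matches the one from signing."""
    h_list = h_tag(signed_msg, spec)
    return header_digest(signed_msg, h_list) == header_digest(delivered_msg, h_list)

# Constructed sample: the message as signed, and as delivered after a
# list manager prepended its own Sender header.
ORIGINAL = [("From", "alice@example.org"), ("Subject", "hello")]
VIA_LIST = [("Sender", "list-bounces@lists.example.net")] + ORIGINAL

if __name__ == "__main__":
    for spec in ("(o)from:sender:subject", "(o)from:(o)sender:subject"):
        print(spec, h_tag(ORIGINAL, spec), survives(spec, ORIGINAL, VIA_LIST))
```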

