Re: [openpgp] Encrypted emails with cleartext copies [was: Re: use of .well-known in WKD and HKP]

Bart Butler <> Thu, 02 November 2023 11:39 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 0E99DC1519A4 for <>; Thu, 2 Nov 2023 04:39:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 0u-WYqkSwFbH for <>; Thu, 2 Nov 2023 04:39:00 -0700 (PDT)
Received: from ( []) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by (Postfix) with ESMTPS id 2DBCEC15154E for <>; Thu, 2 Nov 2023 04:39:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=protonmail3; t=1698925137; x=1699184337; bh=I8EjBeJWJQyDD2+DXfZMXKVYturROi4l/vdNLFs95QY=; h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References: Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID: Message-ID:BIMI-Selector; b=PW0nrdxeXYK4Uu1GAul2VLb/lwzbA1DfHBqyiYAkesGvXEhmTS9scXmChlVcw3Kmx eEGWHFoQUZec8TceE4oRpQ4by5CoXc2u7g6DjZvR4Vw/o7+S0FGS0EERFhgLNp4lb3 xDM6zSopNmbBotQMgXNqWnurktUYOKcwf7bQHGNa8ARdOWdCum7jQGGFaGxgchGkNM aFHhXZZbA2R+1W+7Azf1bz55jaBPBT50A9h2XsfBBXZa/znNf2VYYcvSd2a+QEVa2x gnJFd7ZPzXD0YMhtTNlVZVKBis7/gBeDmlWUAtXx1N7IZ0H6M/9pSaIF4dmn1PjwBH fvfecGDB0/VZg==
Date: Thu, 02 Nov 2023 11:38:49 +0000
To: Wiktor Kwapisiewicz <>
From: Bart Butler <>
Cc: Daniel Huigens <>,
Message-ID: <>
In-Reply-To: <>
References: <> <>
Feedback-ID: 5683226:user:proton
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg="pgp-sha512"; boundary="------47dbbeeebf7e03cdfbbde964af288f68cf275604bcf3af52c4798d5122b640cb"; charset="utf-8"
Archived-At: <>
Subject: Re: [openpgp] Encrypted emails with cleartext copies [was: Re: use of .well-known in WKD and HKP]
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 02 Nov 2023 11:39:05 -0000

Hi Wiktor,

As an aside to the main discussion here, I agree with you that rewriting From is not great, but most mailing lists do it because they have to. Either the original email has an enforcing DMARC policy but only SPF aligned (which is terrible but it happens--I would love to mandate aligned DKIM given it's 2023), or, less forgivably, the list modifies the body content and breaks the aligned DKIM signature.

In some cases it's stupid optional stuff like with footers which should go extinct. But even if you turn all that off, software like Mailman (any version) simply does not support forwarding along the raw email without breaking DKIM in some cases, which I discovered to my horror a month or two back. 


On Thursday, November 2nd, 2023 at 12:26 PM, Wiktor Kwapisiewicz <> wrote:

> I think it works like that because the Mailing List software rewrites
> From. If I sent you e-mail directly and CC'd the list then you'd get
> two copies of the same e-mail: one with From me and one with rewritten From.

> I'm not a big fan of rewriting e-mails. This sounds like a workaround
> instead of addressing the problem where it originated from (e.g. for
> DMARC signatures some mailing lists don't modify From e-mails and only
> append List-* headers. List-Unsubscribe exists and this plays well with