-
-
Notifications
You must be signed in to change notification settings - Fork 303
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
How can I ignore a list signature, so that full message is signed? #4228
Comments
I wonder why (some) lists inject a signature, instead of adding a header field. By adding a header field, they wouldn't be destructive to the message, and wouldn't cause problems like this one. They could do something like:
(I completely made up those header field names.) |
That would indeed make a lot of sense! My university also injections messages, like prepending "[External Email]". In theory they would argue it makes it more secure, but I would disagree. I suppose it depends on the user. |
Does your university add "[External Email]" to the body or to the Subject? If it's done on the subject, I hope they do it only on the unprotected subject. If they don't edit the protected subject, the signature should remain valid. However, they may have a bug, and replace also the protected Subject. Yesterday, I had to report a bug to my mail provider, which seemed to be injecting a header before any From header field, and since mutt(1) has a bug by which it protects the From header field (among others), my mail provider was injecting a header field in the protected header, and thus invalidating my signature (for some reason, either my provider or mutt(1) only reproduce this bug sometimes, so my signature remained valid most of the cases). The mail provider fixed the bug in a few minutes after my report, though, so they were nice. :-) Anyway, you could report a security bug (especially to the mailing list). Maybe they fix it. |
Editing the message body is a "feature" of MS Exchange... |
Wow, it's nice to hear stories like this :) Indeed, my university moved to MS Exchange, and it is an edit of the message body. In any case, thanks for your issues on protecting headers and signatures. I hope to use PGP increasingly more. |
It's migadu, in case you might be interested: https://migadu.com/.
Heh, if it's recent, maybe you can push with bug reports that it's trashing security. They'll probably ignore them, but there might be a chance.
Thanks! :-} |
Actually I am interested. Thanks! I'll check them out. |
I've found a few headers that are used by mailing lists:
Please ask that mailing list to use these instead of editing the mail body. See https://www.iana.org/assignments/message-headers/message-headers.xhtml |
Thanks, I will look into those. It would be nice if they can use better practices. Even without the signature issue, it is annoying that the message is edited. |
I use GPG and validation of signatures often. On a certain mailing list, I always get the following warning when opening a message:
I believe it's because the mailing list appends the following signature to every message:
I think there are ways in NeoMutt to filter, etc. How can I ask NeoMutt to either not show me that signature, or to ignore it when checking the signature? This way, the warning would not show, and I would not be insensitive to it (as I currently am) if there is ever a non-trivial part of the message that wasn't signed.
Thanks!
The text was updated successfully, but these errors were encountered: