[dmarc-discuss] a detour into S/MIME, was MLM and Header-From rewriting

Rock, Paul paul.rock at teamaol.com
Tue Jun 10 13:03:29 PDT 2014


The mail from you directly works fine in Outlook, showing up with the cert icon in the mail list. Mail.app doesn't seem to have any indicator of the signing, but it's not showing a warning either.

Now, the really amusing thing is that when the mail from the listserv came in, it's "merged" with the direct mail, and I now have a warning on your message that there's a mismatch again. I think this is probably a bug with Mail.app however because it says your mail is signed by you, but it's trying to compare it with my signature  - the cert that's failing is mine.

PAUL ROCK
Senior Programmer/Analyst | AOL Mail
P: 703-265-5734 | C: 703-980-8380
AIM: paulsrock
44900 Prentice Dr. | Dulles, VA | 20166-9305

On Jun 10, 2014, at 11:32 AM, David Woodhouse <dwmw2 at infradead.org> wrote:

> On Tue, 2014-06-10 at 15:08 +0000, Rock, Paul via dmarc-discuss wrote:
>> Depends on the client as well. Currently the version of Outlook (2010)
>> I'm using on my Windows box also treats the signature as an attachment
>> it doesn't know what to do with. 
> 
> That's odd — that's one of the few things Outlook normally gets right.
> Is it an artefact of the footer that the list adds, complicating the
> MIME structure? Anything outside the most basic MIME structure is one of
> the *many* things that Outlook and Exchange usually get catastrophically
> wrong :)
> 
> You should receive two copies of *this* mail... does the direct one work
> as expected? (That's the use case for any kind of email from banking
> systems, anyway.)
> 
> Yes, it's not a simple solution for the declining number¹ of webmail
> users. I understand there are browser plugins which offer S/MIME support
> for at least GMail, which is the largest webmail user base — but that's
> still a bit different from "it just works" as you get with a real MUA.
> 
>> Mail.app (version 7.3) on my Mac does understand that David has a
>> signature, but I have a big warning across the top of the mail that
>> the signature can't be verified due to an email address mismatch.
>> Granted, that's an artifact of the mailing list, but even still,
>> here's a live case where S/MIME has an issue - and I'm sure that David
>> and anyone else using a client that supports S/MIME will see the same
>> warning about mail on this list from me.
> 
> Using Evolution, the GNOME mail client, I see that the mail has a valid
> signature from Paul Rock <paul.rock at teamaol.com>. I am left to
> cross-check that address against the address in the From: header, should
> I desire to do so.
> 
> I may file a bug suggesting that the UI should make that mismatch
> clearer.
> 
> -- 
> dwmw2
> 
> ¹ https://litmus.com/blog/email-client-market-share-where-people-opened-in-2013
>  suggests that the figure is now around 20%.
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://dmarc.org/pipermail/dmarc-discuss/attachments/20140610/7d69a9f2/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4833 bytes
Desc: not available
URL: <http://dmarc.org/pipermail/dmarc-discuss/attachments/20140610/7d69a9f2/attachment.bin>


More information about the dmarc-discuss mailing list