How can I ignore a list signature, so that full message is signed? about neomutt HOT 9 OPEN

Editing the message body is a "feature" of MS Exchange...

from neomutt.

The mail provider fixed the bug in a few minutes after my report, though, so they were nice. :-)

Wow, it's nice to hear stories like this :)

Indeed, my university moved to MS Exchange, and it is an edit of the message body. In any case, thanks for your issues on protecting headers and signatures. I hope to use PGP increasingly more.

from neomutt.

I wonder why (some) lists inject a signature, instead of adding a header field. By adding a header field, they wouldn't be destructive to the message, and wouldn't cause problems like this one.

They could do something like:

Mailing-List-Archives: <http://lists.lyx.org/mailman/listinfo/lyx-devel>
Mailing-List: lyx-devel mailing list <[email protected]>

(I completely made up those header field names.)

from neomutt.

That would indeed make a lot of sense! My university also injections messages, like prepending "[External Email]". In theory they would argue it makes it more secure, but I would disagree. I suppose it depends on the user.

from neomutt.

Does your university add "[External Email]" to the body or to the Subject? If it's done on the subject, I hope they do it only on the unprotected subject. If they don't edit the protected subject, the signature should remain valid.

However, they may have a bug, and replace also the protected Subject. Yesterday, I had to report a bug to my mail provider, which seemed to be injecting a header before any From header field, and since mutt(1) has a bug by which it protects the From header field (among others), my mail provider was injecting a header field in the protected header, and thus invalidating my signature (for some reason, either my provider or mutt(1) only reproduce this bug sometimes, so my signature remained valid most of the cases). The mail provider fixed the bug in a few minutes after my report, though, so they were nice. :-)

Anyway, you could report a security bug (especially to the mailing list). Maybe they fix it.

from neomutt.

The mail provider fixed the bug in a few minutes after my report, though, so they were nice. :-)

Wow, it's nice to hear stories like this :)

It's migadu, in case you might be interested: https://migadu.com/.
I can only say good things about them. :)

Indeed, my university moved to MS Exchange, and it is an edit of the message body.

Heh, if it's recent, maybe you can push with bug reports that it's trashing security. They'll probably ignore them, but there might be a chance.

In any case, thanks for your issues on protecting headers and signatures. I hope to use PGP increasingly more.

Thanks! :-}

from neomutt.

It's migadu, in case you might be interested: https://migadu.com/.
I can only say good things about them. :)

Actually I am interested. Thanks! I'll check them out.

from neomutt.

I've found a few headers that are used by mailing lists:

List-Archive, List-Help, List-ID, List-Owner, List-Post, List-Subscribe, List-Unsubscribe, List-Unsubscribe-Post.

Please ask that mailing list to use these instead of editing the mail body.

See https://www.iana.org/assignments/message-headers/message-headers.xhtml

from neomutt.

Thanks, I will look into those. It would be nice if they can use better practices. Even without the signature issue, it is annoying that the message is edited.

from neomutt.