== Problem ==
Emails received from WMIT Mailman may have invalid DKIM signature and can be (often) marked as spam.
Example of a problematic header:
```
Authentication-Results: example.wikimedia.it (amavisd-new); dkim=fail (1024-bit
key) reason="fail (message has been altered)" header.d=example.com
header.b=JTAvJYcU; dkim=fail (1024-bit key) reason="fail (message has been
altered)" header.d=example.com header.b=JTAvJYcU
```
Note:
> fail (message has been altered)
== Context ==
When someone (with a recent mailserver, I mean a DKIM-enabled mailserver) sends an email to the WMIT Mailman, it may be cases where the original DKIM firm is valid, but Mailman delivers invalid `DKIM-Signature` signature, and so the email is marked as spam and, often, discarded by receivers.
This happens because Mailman alters the original message. This happens in various ways: changing the subject, adding the prefix `[Something]`, altering the body, altering the `From:`, etc.
Mailman alters the original message and it breaks the original DKIM signature.
== Ideal solution ==
1. strip the `DKIM-Signature:` header since it cannot be valid anymore if Mailman changes the original message
2. (bonus point) preserve the old DKIM signature in another (non?)standard header (uhm... ?... `X-original-DKIM-Signature:`) for cryptography lovers who might want to check it out
3. (bonus point) just in case, introduce a new DKIM-Signature: header respecting the new message delivered from the mailing list
Having said that, I don't think this solution can be implemented easily in Mailman.
== Proposed solution ==
Edit the Mailman configuration file and set `remove_dkim_headers: yes` in order to strip the header `DKIM-Signature:` that usually contains an invalid firm, since the original message was altered by Mailman and so its crypto signature is invalid.
Related documentation explaining default value:
```
# Some list posts and mail to the -owner address may contain DomainKey or
# DomainKeys Identified Mail (DKIM) signature headers <http://www.dkim.org/>.
# Various list transformations to the message such as adding a list header or
# footer or scrubbing attachments or even reply-to munging can break these
# signatures. It is generally felt that these signatures have value, even if
# broken and even if the outgoing message is resigned. However, some sites
# may wish to remove these headers by setting this to 'yes'.
remove_dkim_headers: no
```
https://docs.mailman3.org/projects/mailman/en/latest/src/mailman/config/docs/config.html#remove-dkim-headers