diff --git a/group_vars/mailman.yml b/group_vars/mailman.yml
index df9f68fb1c0832ab68060dd62d2726d588525703..e65ec8ee6e4ef7d9ce44b7ab7a6671c878dc1bf9 100644
--- a/group_vars/mailman.yml
+++ b/group_vars/mailman.yml
@@ -79,6 +79,7 @@ loc_opendkim:
   selector: "lists"
   signing:
     - "*@lists.crans.org"
+  sender_headers: "List-Post,Sender,From"
   txt_record: |
     lists._domainkey IN TXT "v=DKIM1; h=sha256; k=rsa; p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA7jkgGjxZvQDbgFIuqb59lt7O1Jg6DFTSBxFlTfBW+3MF+AFjBR3AZ/UXwDA1vH4UTZqq0fWN6y6wqE/F7+HDjpqZGGuygZWTGVbBxwiKSjc2kq2mz7kLisE3a/jP8kyQDdb7fWrtTw9fxYu+Ygs0744otjRsui/ZK6zbrO8XQfd5UYnj4IGALeIuVFVLmwTY+VL/xWR/UjcfxgAprRfH0ec8PGlrxhpeLhUSJxw3Q6QfTnDsIpWLfJdgxILGa58TmhH6d+faxa1OIP37wswPjkDykmMFsCQJX9P7mXXR0+1FIRhhNpfCRXXj37udbIezDEMfA15rWSoYinPU+x7i6LhfJD7G40p1oDBiaOimZ8D/PUDAtoWRQeFiNOOQmNqDaVwlaOMvIZH2ZFD2I0eJIDb2FBYqhTb5GVyhKPePqT5FZE0s8SXqvYRNUWHuomS79kfo4TC74UPlavIbyCVTFlLi5ujc5RANm/FuH2w3ns1+YAlCeoblzwVdgN+h4/DI5kI88+0Hf+HCfQg+rPQL7ak7Wszo0iWvYUZ8t+IPbNDcVm5YI6koqkWGgfMrC0bDI5r+ZQACK15Fi6x3tV0umhytgRQWG9MyK61diNIc1LFsyL2lD0oOAjlpDlVSpUnXKhjRPq4YdaIojlgGSsWsq8sBhQTCY5DNHUuJLL1iPqsCAwEAAQ=="  ; ----- DKIM key lists for lists.crans.org
   private_key: "{{ vault.opendkim_private_key_mailman }}"
diff --git a/group_vars/opendkim.yml b/group_vars/opendkim.yml
index 2659b3c89501382f6766f7043293a41a211d7019..51b1dd149cf8332ef16913a299dbc2e8ac779a9c 100644
--- a/group_vars/opendkim.yml
+++ b/group_vars/opendkim.yml
@@ -19,6 +19,7 @@ glob_opendkim:
     - "*.crans.org"
     - "*.crans.fr"
     - "*.crans.eu"
+  sender_headers: ""
   txt_record: |
     mail._domainkey IN TXT "v=DKIM1; k=rsa; p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtwkNVd9Mmz8S4WcfuPk0X2drG39gS8+uxAv8igRILgzWeN8j2hjeZesl8pm/1UTVU87bYcdfUgXiGfQy9nR5p/Vmt2kS7sXk9nsJ/VYENgb3IJQ6paWupSTFMyeKycJ4ZHCEZB/bVvifoG6vLKqW5jpsfCiOcfdcgXATn0UPuVx9t93yRrhoEMntMv9TSodjqd3FKCtJUoh5cNQHo0T6dWKtxoIgNi/mvZ92D/IACwu/XOU+Rq9fnoEI8GukBQUR5AkP0B/JrvwWXWX/3EjY8X37ljEX0XUdq/ShzTl5iK+CM83stgkFUQh/rpww5mnxYEW3X4uirJ7VJHmY4KPoIU+2DPjLQj9Hz63CMWY3Ks2pXWzxD3V+GI1aJTMFOv2LeHnI3ScqFaKj9FR4ZKMb0OW2BEFBIY3J3aeo/paRwdbVCMM7twDtZY9uInR/NhVa1v9hlOxwp4/2pGSKQYoN2CkAZ1Alzwf8M3EONLKeiC43JLYwKH1uBB1oikSVhMnLjG0219XvfG/tphyoOqJR/bCc2rdv5pLwKUl4wVuygfpvOw12bcvnTfYuk/BXzVHg9t4H8k/DJR6GAoeNAapXIS8AfAScF8QdKfplhKLJyQGJ6lQ75YD9IwRAN0oV+8NTjl46lI/C+b7mpfXCew+p6YPwfNvV2shiR0Ez8ZGUQIcCAwEAAQ==" ; ----- DKIM key mail for crans.org
   private_key: "{{ vault.opendkim_private_key }}"
diff --git a/roles/opendkim/templates/opendkim.conf.j2 b/roles/opendkim/templates/opendkim.conf.j2
index dd86771a1efe1a32198c4ccc7bbb9885848745a6..8d7c4a699df9b4f145a8e1fb1380a74e8b0c8093 100644
--- a/roles/opendkim/templates/opendkim.conf.j2
+++ b/roles/opendkim/templates/opendkim.conf.j2
@@ -73,6 +73,8 @@ Mode            sv
 # because it is often the identity key used by reputation systems and thus
 # somewhat security sensitive.
 OversignHeaders     From
+{% if opendkim.sender_headers %}SenderHeaders       List-Post,Sender,From{% endif %}
+
 
 ##  resolverconfiguration filename
 ##      default (none)