I've noticed of late that emails sent by yahoo users that get relayed by mailman end up without the domainkey header entry and thus in various yahoo users' bulk (i.e. spam) folder. Is there anything that can be done to remedy this issue? Can a site's mailman application add a locally qualified domainkey entry header (or keep the original entry as-is)? If so, how and/or is there a place I can read more about this (didn't see any mention in the FAQ).
"Nadim" == Nadim Shaikli email@example.com writes:
Nadim> I've noticed of late that emails sent by yahoo users that
Nadim> get relayed by mailman end-up without the domainkey header
Nadim> entry and thus in various yahoo users' bulk (ie. spam)
Nadim> folder. Is there anything that can be done to remedy this
Nadim> issue ? Can a site's mailman application add a locally
Nadim> qualified domainkey entry header (or keep the original
Nadim> entry as-is) ?
According to the DomainKeys FAQ:
How does DomainKeys work with mailing lists?
Mailing lists that do not change the content or re-arrange or append headers will be DomainKey compatible with no changes required. Mailing lists that change the message and headers should re-sign the message with their own private key and claim authorship of the message.
Unfortunately, standard mailing lists will change/append certain headers, breaking the signature. Specifically, Mailman does change the Sender header, which means DomainKeys can't just pass through. You need to re-sign.
Based on that page, AFAICT it would be a bad idea for list management software like Mailman to support DomainKeys itself, except that it should optionally be configured to check for DomainKeys flags from the incoming MTA, and optionally submit the mail to the DomainKeys submission service port instead of SMTP for outgoing mail. Mailman supports both of those configurations already. Then you should get an MTA that supports DomainKeys (see the DomainKeys FAQ for a list), and you'll also have to fix up your DNS to publish the keys.
Note that it's unclear whether implementing DomainKeys yourself will help very much, as it depends on whether the users care which domain has been authenticated, or if simply proving that you're not a spoof is enough. Probably most users will just look for unspoofed mail and let it through, and you'll be fine, but that depends on your user base. You may have to educate them to add your domain to the list they accept.
Footnotes:

It looks to me like "claim authorship" is in error. As far as I can tell from the DomainKeys page, DomainKeys verifies the sending domain, not the author's domain, although the page refers to authors and From several times.

Mailman is just one user of the typical system, and is not the domain "owner". Since DomainKeys authenticates domains rather than users, it should be done by the domain's mail server, not by user mail agents. (You have to reconfigure the DNS even if the mailing list manager does the signing, so even with signing implemented in Mailman you would need very high administrative privilege to implement DomainKeys.)
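
The following is an added example, not part of the original thread and not Mailman or DomainKeys code. It is a simplified model of the digest a DomainKeys verifier recomputes: whitespace-stripping ("nofws"-style) canonicalization over a listed set of headers plus the body, with the RSA step omitted. The message, the addresses, the signed header list `H` and the list footer are all constructed assumptions.

```python
import hashlib

def nofws(text):
    # "nofws"-style canonicalization: drop all whitespace, which also unfolds headers.
    return "".join(text.split())

def signed_digest(headers, body, h):
    """SHA-1 over the headers named in h plus the body; the RSA step is omitted."""
    wanted = {name.lower() for name in h}
    head = [nofws(f"{n}:{v}") for n, v in headers if n.lower() in wanted]
    lines = [nofws(line) for line in body.splitlines()]
    while lines and lines[-1] == "":
        lines.pop()  # trailing empty body lines are ignored
    data = "\r\n".join(head + [""] + lines) + "\r\n"
    return hashlib.sha1(data.encode("utf-8")).hexdigest()

# Constructed message and constructed list of signed headers.
H = ["From", "Sender", "To", "Subject"]
HEADERS = [("From", "alice@example.com"), ("Sender", "alice@example.com"),
           ("To", "list@lists.example.org"), ("Subject", "hello list")]
BODY = "Hi all,\nquick question.\n"

def forwarding_relay(headers, body):
    # Prepends a trace header, refolds Subject, adds blank lines: nothing signed changes.
    out = [(n, v.replace(" ", "\r\n ") if n == "Subject" else v) for n, v in headers]
    return [("Received", "by mx.example.net")] + out, body + "\n\n"

def list_relay(headers, body, footer=True):
    # Assumed list behaviour: Sender is replaced and, optionally, a footer is appended.
    out = [(n, "list-bounces@lists.example.org" if n == "Sender" else v)
           for n, v in headers]
    return out, body + ("-- \nlist footer\n" if footer else "")

def survives(relay, **kw):
    # True when the digest the original signer covered is unchanged after the relay.
    before = signed_digest(HEADERS, BODY, H)
    return signed_digest(*relay(HEADERS, BODY, **kw), H) == before

if __name__ == "__main__":
    print("forwarding relay:", survives(forwarding_relay))
    print("list, Sender only:", survives(list_relay, footer=False))
    print("list, Sender + footer:", survives(list_relay))
```

Once the digest differs, the original signature can no longer verify, so the only signature that can cover the relayed message is one made over the modified message by the list's own domain.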