[Mailman-Developers] New RFC on using DKIM with MLMs

Ian Eiloart iane at sussex.ac.uk
Wed Oct 26 14:29:45 CEST 2011


On 25 Oct 2011, at 17:13, Stephen J. Turnbull wrote:

> Murray S. Kucherawy writes:
> 
>> What it says is the list should re-sign if it modifies the message
>> (or, in general, re-sign anyway).  So append whatever you want,
>> just re-sign the message.  Are you insisting that advice is
>> defective?
> 
> Defective, maybe not.
> 
> But I don't think I would follow it for my own lists.  I'd rather
> remove the signature

I think the advice is to NOT remove the signature. The DKIM spec says that a broken signature is equivalent to the absence of a signature. However, leaving the signature in place can help administrators to diagnose problems with the transmission chain.

> and tell people who are using anal-retentive ISPs
> that refuse to pass unsigned messages to switch, because there are too
> many people out there who will report you as a spammer rather than
> unsubscribe.  I don't want my signature associated with any such
> thing.


I've not come across any such ISPs. I suppose they may exist. 

In my view, all message senders (including list owners) should publish SPF records and DKIM sign messages. Recipients should be satisfied with either an SPF PASS or a good DKIM sig, to give them a reliable domain name to apply reputation tests to.

Most legitimate messages would be identifiable by one of those mechanisms. MLMs would be OK by virtue of the fact that they use their own sender domains. Traditional forwarders usually would not be breaking DKIM signatures, and would not have to worry about SPF breakage.

-- 
Ian Eiloart
Postmaster, University of Sussex
+44 (0) 1273 87-3148



More information about the Mailman-Developers mailing list