[Mailman-Users] DKIM best practise

Yasir Assam mail at endlessvoid.com
Mon Jun 22 08:10:27 CEST 2015

On 22/06/2015 1:58 PM, Stephen J. Turnbull wrote:
> As Mark already said, according to the standards it is correct and
> good practice to add a DKIM signature to every message you process
> outside of the MTA and then reinject into the Internet mail system.
> In more friendly terms, if you simply pass on the message *exactly* as
> received except for adding "Received" and 2List-Post" to the front of
> the message, you don't need to DKIM sign but it doesn't hurt.  But if
> you change the message (eg, by adding a list signature or by adding
> the list name to the Subject field), you *should* DKIM sign.

Got it, thanks.

>  > I subscribed to mailman-users at python.org using a Yahoo address, and
>  > interestingly, 2 emails ended up in spam (one of which was my original
>  > post, which is from a non-yahoo address).
> Yahoo and Hotmail are a child's garden of diseases when it comes to
> their behavior in the mail system.  Outlook and Gmail also cause
> problems.  It would be OK if there was only one 800 pound gorilla
> around, you'd just adapt.  The problem is that there are several, and
> they have conflicting requirements.  You can't satisfy them all.

I was hoping there was a way to pacify all these gorillas, but it looks
like there isn't.

>  > This isn't quite true in my case. You're right about all the headers,
>  > except that Mailman is adding a CC field with the list address.
> I don't think that Mailman adds the CC:.

I think it does in my version of Mailman (2.1.18 on Debian Jessie).

So it sounds like I should do the following:

  * DKIM sign all mail sent by mailman
  * Don't remove existing DKIM headers
  * from_is_list = No
  * dmarc_moderation_action = wrap message

I'll tell my users to keep checking their spam folders and marking my
mail as not spam, and hope that yahoo and others learn to flag my list
mail as not spam over time.


More information about the Mailman-Users mailing list