[Mailman-Users] cause of bounces

Grant Taylor gtaylor at tnetconsulting.net
Wed Oct 18 18:38:52 EDT 2017

On 10/18/2017 03:42 PM, Dimitri Maziuk wrote:
> Because the very first $relayhost may apply transport encoding. You have 
> to compute the hash before that happens.

It's my understanding that DKIM is usually applied by the egress MSA / MTA.

I guess an MSA could apply DKIM itself.  It would need to publish it's 
public key / selector in DNS.  So that's probably a reason not to have 
every MUA apply DKIM itself.  It is probably much more economical to 
apply DKIM at the MSA / 1st MTA.

Ideally intermediary MTAs / receiving MTA would not need to apply 
content transfer encoding.

It's my understanding that MTAs prefer to avoid changing the message 
unless there is a requirement to do so.  I.e. downstream MTA won't 
accept the message as it currently is.

My "why can't you..." question was more why can't an MX do an operation 
that an MUA can do.  -  I was thinking you were saying that a receiving 
MTA couldn't validate before accepting a message.

> That does not contradict what I said. Low specificity means low
> probability of detection of "bad stuff". I.e. it doesn't mean much that
> most of it passes.

> Ohkay, so what exactly am I the end user is supposed to need it for?

I don't know that DKIM is really targeting end users.  I think DKIM is 
more targeting postmasters to configure on their MTAs.

I'm using a Thunderbird add-on that allows me to see / validate DKIM in 
my receiving MUA.  (My MSA applies DKIM for me.)

I, as a postmaster, want DKIM for a couple of reasons, 1) I want to be 
able to filter incoming messages based on DKIM (for better or worse) and 
2) outgoing DKIM signing for use in conjunction with DMARC.

You (/me waves hands around the room) may not care enough to bother with 
DKIM.  That's your prerogative.  Just like we are all free to run our 
mail servers that way that we want to.

Grant. . . .
unix || die

More information about the Mailman-Users mailing list