[Mailman-Users] cause of bounces
gtaylor at tnetconsulting.net
Wed Oct 18 18:38:52 EDT 2017
On 10/18/2017 03:42 PM, Dimitri Maziuk wrote:
> Because the very first $relayhost may apply transport encoding. You have
> to compute the hash before that happens.
It's my understanding that DKIM is usually applied by the egress MSA / MTA.
I guess an MSA could apply DKIM itself. It would need to publish its
public key / selector in DNS. So that's probably a reason not to have
every MUA apply DKIM itself. It is probably much more economical to
apply DKIM at the MSA / 1st MTA.
Ideally intermediary MTAs / receiving MTA would not need to apply
content transfer encoding.
It's my understanding that MTAs prefer to avoid changing the message
unless there is a requirement to do so. I.e. downstream MTA won't
accept the message as it currently is.
My "why can't you..." question was more why can't an MX do an operation
that an MUA can do. - I was thinking you were saying that a receiving
MTA couldn't validate before accepting a message.
> That does not contradict what I said. Low specificity means low
> probability of detection of "bad stuff". I.e. it doesn't mean much that
> most of it passes.
> Ohkay, so what exactly am I the end user is supposed to need it for?
I don't know that DKIM is really targeting end users. I think DKIM is
more targeting postmasters to configure on their MTAs.
I'm using a Thunderbird add-on that allows me to see / validate DKIM in
my receiving MUA. (My MSA applies DKIM for me.)
I, as a postmaster, want DKIM for a couple of reasons, 1) I want to be
able to filter incoming messages based on DKIM (for better or worse) and
2) outgoing DKIM signing for use in conjunction with DMARC.
You (/me waves hands around the room) may not care enough to bother with
DKIM. That's your prerogative. Just like we are all free to run our
mail servers the way that we want to.
Grant. . . .
unix || die
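
The point quoted at the top of this message (a relay applying transport encoding after the body hash was computed) can be reproduced offline. This is an added example, not part of the original message: the sample body and the `relay_reencode_qp` helper are constructed for illustration, and the canonicalization follows RFC 6376 section 3.4.

```python
import base64
import hashlib
import quopri
import re

def canon_simple(body: bytes) -> bytes:
    """RFC 6376 3.4.3: drop trailing empty lines, end with exactly one CRLF."""
    return re.sub(rb"(\r\n)+\Z", b"", body) + b"\r\n"

def canon_relaxed(body: bytes) -> bytes:
    """RFC 6376 3.4.4: collapse WSP runs, strip line-end WSP and trailing empty lines."""
    lines = [re.sub(rb"[ \t]+", b" ", l).rstrip(b" ") for l in body.split(b"\r\n")]
    while lines and lines[-1] == b"":
        lines.pop()
    return b"".join(l + b"\r\n" for l in lines)

def body_hash(body: bytes, canon=canon_relaxed) -> str:
    """Value a signer puts in (and a verifier recomputes for) the bh= tag, SHA-256."""
    return base64.b64encode(hashlib.sha256(canon(body)).digest()).decode()

def relay_reencode_qp(body: bytes) -> bytes:
    """Hypothetical relay step: downgrade an 8bit body to quoted-printable."""
    return b"\r\n".join(quopri.encodestring(l) for l in body.split(b"\r\n"))

# Constructed sample: the 8bit body as it was when the MSA signed it.
SIGNED = "Grüße aus Köln,\r\nsee you at the meeting.\r\n".encode("utf-8")
# Constructed variant: same text, but whitespace was touched in transit.
WS_TOUCHED = "Grüße aus Köln,  \r\nsee  you at the meeting.\r\n\r\n".encode("utf-8")
# What the receiving MTA gets if a relay changed the transfer encoding.
REENCODED = relay_reencode_qp(SIGNED)

if __name__ == "__main__":
    print("bh at signing time      :", body_hash(SIGNED))
    print("bh after whitespace edit:", body_hash(WS_TOUCHED), "(relaxed)")
    print("bh after QP re-encoding :", body_hash(REENCODED))
    # The verifier hashes the bytes it received, not the decoded content,
    # so the re-encoded body fails even though it decodes to the same text.
    print("decodes to same text    :", quopri.decodestring(REENCODED) == SIGNED)
```

Relaxed canonicalization absorbs the whitespace change but not the re-encoding, which is why the hash has to be computed on the form of the message that will actually reach the verifier.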