[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Are DomainKeys for e-mail signing dead?

Subject: Are DomainKeys for e-mail signing dead?
From: johnl at iecc.com (John Levine)
Date: 1 Mar 2014 02:41:58 -0000
In-reply-to: <CF3653F0.12257F%[email protected]>

>If your LISTSERV
>	-- gets mail from somebody with a domain that requires their mail to be
>validly signed (for instance, via DMARC)
>	-- leaves that sender's address in the From: line
>	-- and breaks the DKIM signature

Ah, that problem.

I'd strongly suggest a shim in front of LISTSERV that checks for DMARC
policies other than p=none and rejects the incoming mail, simply to
protect other members of the list.  Otherwise people who follow DMARC
advice will reject list mail and get bounced off the list.  Yes, this
actually happens.

R's,
John

Prev by Date: Managing ACL exceptions (was Re: Filter NTP traffic by packet size?)
Next by Date: Managing IOS Configuration Snippets
Previous by thread: Are DomainKeys for e-mail signing dead?
Next by thread: Managing IOS Configuration Snippets
Index(es):
- Date
- Thread