[169530] in North American Network Operators' Group
Re: Are DomainKeys for e-mail signing dead?
daemon@ATHENA.MIT.EDU (John Levine)
Fri Feb 28 21:42:50 2014
Date: 1 Mar 2014 02:41:58 -0000
From: "John Levine" <johnl@iecc.com>
To: nanog@nanog.org
In-Reply-To: <CF3653F0.12257F%zwicky@yahoo-inc.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
>If your LISTSERV
> -- gets mail from somebody with a domain that requires their mail to be
>validly signed (for instance, via DMARC)
> -- leaves that sender's address in the From: line
> -- and breaks the DKIM signature
Ah, that problem.
I'd strongly suggest a shim in front of LISTSERV that checks for DMARC
policies other than p=none and rejects the incoming mail, simply to
protect other members of the list. Otherwise people who follow DMARC
advice will reject list mail and get bounced off the list. Yes, this
actually happens.
R's,
John
