[ietf-dkim] Wrong Discussion - was Why mailing lists should strip DKIM signatures
iane at sussex.ac.uk
Wed Apr 28 02:18:38 PDT 2010
--On 27 April 2010 13:29:25 -0600 "McDowell, Brett" <bmcdowell at paypal.com>
> Are there MLM vendors or service providers on this list who feel they
> know enough about this use case at this point to have a firm position
> either for or against standardizing this functionality?
I'm neither, but I know that Mailman has the option (per list) to remove
DKIM headers. IIRC, that's because some sites were incorrectly rejecting
list messages because of the broken headers. That was causing list members
to become unsubscribed.
Mailman doesn't check DKIM signatures, or add them. Quite properly, in my
opinion, this is regarded as the business of the local MTA, not the MLM
I guess that one enhancement would be the ability to require (per site, per
list or per user) that senders are authenticated by a DKIM signature, was
well as authorised, before they can send mail to the list. That would
require tighter integration than Mailman 2 offers, but it might be feasible
with Mailman 3.
For example, Mailman 3 will accept mail over LMTP and will reject
unauthorised emails at RCPT TO. That will allow Exim to call forward to
test authorisation at SMTP time. Doing something clever with 2xx return
codes might allow Mailman 3 to say "only if authenticated", otherwise such
policy could be expressed in a common directory service like LDAP.
IT Services, University of Sussex
For new support requests, see http://www.sussex.ac.uk/its/help/
More information about the ietf-dkim