Re: What are reasonable signing policies?

From: J.D. Falk <>
Date: Tue, 26 Oct 2010 16:53:17 -0700

On Oct 26, 2010, at 8:37 AM, Todd Lyons wrote:

>> We also have some Unix workstations
>> where mutt, for example, invokes /usr/lib/sendmail directly. It's the
>> sendmail daemon on the client that relays the message to the central
>> MTA, doing this without user authentication. I believe that these
>> messages should be signed as well.
> But it is a lesser degree of trust. So you might be better off
> signing it with a different subdomain.

Is it? Presumably the user still has to log in to access mutt.

>> Are there any disadvantages to DKIM-signing? Does this affect e-mail
>> forwarding, for example? How about cases where a user sends messages
>> through their ISP's e-mail server but sets the sender to their
>> university address? Will anything stop working when I enable signing?
> I can't think of any disadvantages, but I can think of one advantage
> in particular: making $BIG_ISP a little less likely to blacklist you.
> Since we started signing with (first DomainKey, then now) DKIM, we
> have had no issues with deliverabilty to Yahoo in over 2 years.

Good for you! However, that's probably because you're running a clean system rather than because of DK or DKIM. Yahoo! staff (as well as staff at other ISPs) have said repeatedly and consistently that signing messages does not, by itself, guarantee delivery.

This is quickly becoming off-topic, so I'll leave it at that.
Received on Tue Oct 26 2010 - 23:53:29 PST

This archive was generated by hypermail 2.3.0 : Mon Oct 29 2012 - 23:19:49 PST