Re: Should I use DKIM to sign messages?

From: Michael McCallister <>
Date: Sat, 08 Feb 2014 09:40:38 -0700

On 2/7/2014 9:40 AM, SM wrote:
> Hi Michael,
> At 14:17 04-02-2014, Michael McCallister wrote:
>> I am deploying 3 mail servers for purposes of forwarding email. They
>> only forward (i.e. ->
>> etc.). No end-users will send mail directly through these servers
>> (not relays). Does DKIM serve any signing role in this case? After
>> reading briefly into DKIM, it sounds as if signing should really be
>> done at the relay where the mail server would conceivably know
>> something about the sender. Based on my understanding of DKIM, I
>> should not bother signing emails on these forwarding servers. Is
>> that a correct conclusion? In case it matters at all, I am using SRS
>> (
> It is worth DKIM-signing the message as it may make it easier for the
> receiver to identify the administrative domain forwarding the message.
> Regards,
> -sm


I tried doing so as a result of this advice, but opendkim wants to sign
using the domain in the From header. Therefore, I have to somehow force
it to sign all emails using a specified key (not using From). Two
questions then: 1) how does one do this with opendkim (i.e. force a
specific key regardless of From) and 2) are you sure recipient MTAs
will be OK with this handling (i.e. not signing with the domain in the
From header - or do they just check the DKIM headers for fetching the domain)?
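
Added example, not part of the original message and not opendkim code: under RFC 6376 a verifier builds the public-key DNS query from the `d=` and `s=` tags of the DKIM-Signature header, so the lookup does not depend on the From domain. The message, domains and selector below are constructed; the `bh=` and `b=` values are placeholders and no signature is verified.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the author domain (example.org) differs from the
# forwarder's signing domain (forwarder.example).
SAMPLE = (
    "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;\n"
    "\td=forwarder.example; s=fwd2014; h=from:to:subject:date;\n"
    "\tbh=PLACEHOLDER; b=PLACEHOLDER\n"
    "From: Alice <alice@example.org>\n"
    "To: bob@example.net\n"
    "Subject: test\n"
    "\n"
    "body\n"
)

def parse_tags(value):
    """Split a DKIM tag-list (RFC 6376 section 3.2) into a dict."""
    tags = {}
    for item in value.split(";"):
        if "=" not in item:
            continue
        name, val = item.split("=", 1)
        # Folding whitespace inside tag values is not significant.
        tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def signer_info(raw):
    """Return the From domain and, per signature, the key lookup name."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    results = []
    for sig in msg.get_all("DKIM-Signature", []):
        tags = parse_tags(sig)
        d, s = tags.get("d", "").lower(), tags.get("s", "")
        if not d or not s:
            continue  # d= and s= are required tags; skip malformed headers
        results.append({
            "d": d,
            "key_query": f"{s}._domainkey.{d}",  # TXT record the verifier fetches
            "matches_from_domain": d == from_domain,
        })
    return from_domain, results

if __name__ == "__main__":
    print(signer_info(SAMPLE))
```

Whether a receiver additionally requires `d=` to match the From domain is a matter of policy layered on top of DKIM, not of the signature check itself.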

