--On 23 November 2010 12:18:44 -0500 "John R. Levine" <[email protected]> wrote:
>> Actually, they're complementary. In places where DKIM fails (mailing >> lists rewriting messages), SPF can succeed. > > Haven't we been over this a hundred times already? It's ADSP, not DKIM, > that fails on mailing list mail. > > DKIM works just dandy, when lists sign their mail like this one does. > > A good point. And SPF works just dandy if the intermediary uses SRS. I'll rephrase: Unless the intermediary co-operates by re-signing, mailing lists can break DKIM signatures. Since mailing lists generally use their own rfc5321 return paths, SPF failures should not result. Of course, a broken DKIM signature is equivalent to none at all. You should not reject or discard mail on this basis, but you do lose the ability to assign signer domain based reputation to the message. Unless the intermediary co-operates with SRS, or similar, *forwarding* can result in SPF failure. Since forwarders generally don't change the message content, DKIM signatures should remain intact. -- Ian Eiloart IT Services, University of Sussex 01273-873148 x3148 For new support requests, see http://www.sussex.ac.uk/its/help/ _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
