Hi Matthew, The point of using different keypairs for different lists is that some message filters use the DKIM signing domain as a data point when calculating sender reputation.
Ideally, you want to have the signing domain match the From domain. If the lists use different From domains, then I'd recommend different keypairs for that reason. If it's all using the same domain then the same keypair across all lists is probably fine. If you really want to get into the weeds, different keypairs can help you isolatate and limit the reputational risk from DKIM replay attacks regardless of the same sending domain. But, message volume also matters for building reputation and, there's no point in using separate keys for double digit per-list daily volumes. Combining under one key and one domain may also be a winning strategy in that case. Ken. ________________________________ From: mailop <mailop-boun...@mailop.org> on behalf of Matthew Richardson via mailop <mailop@mailop.org> Sent: Tuesday, 14 June 2022, 19:30 To: mailop@mailop.org <mailop@mailop.org> Subject: Re: [mailop] Best practice for mailing list servers Ken O'Driscoll wrote:- >* Use different DKIM keypairs for each list Out of interest, why? Are there any known issues with using the same keypair across multiple lists, or indeed across multiple sending domains? -- Best wishes, Matthew _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
_______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
