It appears that Marco Moock via mailop <m...@dorfdsl.de> said: >Am 15.05.2025 um 01:36:56 Uhr schrieb Matthew Tse via mailop: > >> I'm looking for advice regarding DKIM signing. So it turns out >> ImprovMX re-signs all forwarded emails with our own DKIM signature, >> which from my research might not be standard (documentation suggests >> that mail forwarders add ARC headers, but NOT re-sign using DKIM). > >As long as the message is not being altered, the original DKIM >signature is still valid even when forwarded.
Right. >If you sign it, you have to rewrite the From: header to your own domain. Uh, what? You can DKIM sign anything, with no need for the signature domain to match anything else in the message. Look at this message that should have signatures both from this domain and from my mail system's domain. >Mail forwarding is a PITA. If you want to have working SPF, DKIM and >DMARC, you have to rewrite From: / MAIL FROM:, but this alters the >message and stuff like PGP or S/MIME is still broken - by design in >this case. Forwarding is indeed a pain. but this is confused. If you want SPF to work you need to change the MAIL FROM bounce address but that has no effect on the contents of the message. One of the goals of DKIM was that it works even if the message is forwarded. R's, John _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
