[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Domainkeys and ISPs

On Thu, Mar 13, 2008 at 03:29:12AM +1100, Andrew McGlashan wrote:
> Hi Guys,
> Thomas Goirand wrote:
> >All these are very good points, and I don't know how dkimproxy is
> >handling it. I'll have a look, and see how we can do that, but to me
> >this has to be handled by dkimproxy itself. I'll try to get in touch
> >with the upstream.
> I haven't read about this widely, but I would presume that it would make 
> sense that the originating mail server should add their domain key 
> information and any forwarding server should leave it in tact.  But that 
> won't work if Yahoo is unable to trace the email back to it's original mail 
> server source and is only relying on the relay server's details to verify 
> the email's "pseudo" origin.

My feeling and I believe the spirit of the DK and DKIM specs is that the
sending server should do the signature.  That's what I get from reading
the RFCs at least.  But in this world of having to deal with the likes
of Yahoo, AOL, Comcast, etc, I was wondering if signing everything would
help the situation or not.  I'll probably end up leaning towards the
'correct' way and only siging messages for domains that we are
responsible for.


Michael F. Sprague     | mfs@saneinc.net
http://www.saneinc.net | System and Network Engineering (SaNE), Inc
Providers of the SpamOnion anti-spam service

Reply to: