Re: Domainkeys and ISPs
On Thu, Mar 13, 2008 at 11:43:49PM +0800, Thomas Goirand wrote:
> I just had a test with dkimproxy. A very simple test with the mailx
> package (eg: Mail from the command line).
> So as you see, dkimproxy needs a list of domains for which it signs
> email. If you are receiving a mail from another server, and then
> forwards it, of course, it's not in the list, and then it's not
That doesn't sound obvious to me. Let's assume you have two users, A
and B, with email addresses A@example.org and B@example.org . B get
his email forwarded to firstname.lastname@example.org, and A runs his own
direct-to-MX delivery server (or relay server) (or contracts one from
a third party; the point is not yours).
That's a situation where your assumption of "If you are receiving a
mail from another server, and then forwards it, of course, it's not in
the list" does not hold: If A sends a mail to B@example.org with
return path of A@example.org; should that mail get signed? Probably
not. Because if you sign that mail, you'll also sign joe-job spam
mail, and that's something you wouldn't want, I presume.