[Rspamd-Users] Disable DKIM signature for mailing lists

George Shammas rspamd at shamm.as
Tue Jul 7 22:18:01 UTC 2020 

That article was an interesting read.

What does it mean if even this mailing list doesn't deal with this
correctly? Just look at the headers of any message from this thread,
they all have both dkim and dmarc failures. Here are the auth results
for the message you sent.

```
ARC-Authentication-Results: i=1;
        mail.highsecure.ru;
        dkim=fail (body hash did not verify) header.d=arnowelzel.de header.s=default header.b=ZGD+5CBZ;
        spf=none (mail.highsecure.ru: domain of users-bounces at lists.rspamd.com has no SPF policy when checking 10.0.0.75)
        smtp.mailfrom=users-bounces at lists.rspamd.com
ARC-Authentication-Results: i=2;
        shamm.as;
        dkim=pass header.d=lists.rspamd.com header.s=dkim header.b=e5VWeO5g;
        dkim=none (invalid DKIM record) header.d=arnowelzel.de header.s=default header.b=ZGD+5CBZ;
        arc=pass (lists.rspamd.com:s=arc:i=1);
        dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=arnowelzel.de (policy=none);
        spf=pass (shamm.as: domain of users-bounces at lists.rspamd.com designates 88.99.142.95 as permitted sender)
        smtp.mailfrom=users-bounces at lists.rspamd.com
```

On Tue, Jul 07, 2020 at 11:04:38PM +0200, Arno Welzel wrote:
> Ihor Antonov:
> 
> > A lot of mailing lists forward emails and thus ruin my DKIM signature.
> > My Inbox fills in with MAILER-DAEMON reports about DKIM signature 
> > mismatch when, all of them from recipients who got my message through 
> > some mailing list.
> 
> The problem: using DKIM on its own is not really useful without DMARC.
> Usually you want to combine DKIM with DMARC, so a receiving mail server
> will not accept mails from your domain without a valid DKIM signature,
> or at least it will treat those mails as "spammy".
> 
> So if you omit DKIM signatures for certain mailing lists, you also
> violate DMARC as spammers would do, when they fake your sender address
> to get their spam delivered.
> 
> The real fix is not to avoid DKIM for specific recipients but to ask the
> mailing list maintainers to set up their lists in a way to deal with it.
> 
> Also see here:
> <https://begriffs.com/posts/2018-09-18-dmarc-mailing-list.html>
> -- 
> Users mailing list
> Users at lists.rspamd.com
> https://lists.rspamd.com/mailman/listinfo/users
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
URL: <https://lists.rspamd.com/pipermail/users/attachments/20200707/16948f35/attachment.bin>

More information about the Users mailing list