--On 23 November 2010 12:18:44 -0500 "John R. Levine"
<johnl(_at_)iecc(_dot_)com>
wrote:
Actually, they're complementary. In places where DKIM fails (mailing
lists rewriting messages), SPF can succeed.
Haven't we been over this a hundred times already? It's ADSP, not DKIM,
that fails on mailing list mail.
DKIM works just dandy, when lists sign their mail like this one does.
A good point. And SPF works just dandy if the intermediary uses SRS. I'll
rephrase:
Unless the intermediary co-operates by re-signing, mailing lists can break
DKIM signatures. Since mailing lists generally use their own rfc5321 return
paths, SPF failures should not result. Of course, a broken DKIM signature
is equivalent to none at all. You should not reject or discard mail on this
basis, but you do lose the ability to assign signer domain based reputation
to the message.
Unless the intermediary co-operates with SRS, or similar, *forwarding* can
result in SPF failure. Since forwarders generally don't change the message
content, DKIM signatures should remain intact.
--
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html