Re: Using external services for deliverability?
Thank you both for the help. I have SPF and reverse DNS setup. But I thought DKIM is no help because Mailman rewrites the email headers?
On 7/3/20 10:27 AM, Tom @ Gather wrote:
Thank you both for the help. I have SPF and reverse DNS setup. But I thought DKIM is no help because Mailman rewrites the email headers?
I believe if you use DMARC mitigation and apply it unconditionally, then DKIM signing makes it through. It does on my Mailman 3 servers.
-- Please let me know if you need further assistance.
Thank you for your business. We appreciate our clients. Brian Carpenter EMWD.com
-- EMWD's Knowledgebase: https://clientarea.emwd.com/index.php/knowledgebase
EMWD's Community Forums http://discourse.emwd.com/
On 7/3/20 7:27 AM, Tom @ Gather wrote:
Thank you both for the help. I have SPF and reverse DNS setup. But I thought DKIM is no help because Mailman rewrites the email headers?
In most cases, Mailman will make transformations to the message which will break any incoming DKIM signature, but you still want to DKIM sign your outgoing mail with your own domain's DKIM signature.
This will not in itself allow list messages to pass DMARC which is why Mailman has DMARC mitigations, but it will still provide a valid DKIM signature from you which will help with deliverability.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
Makes sense. So given that the opendkim milter matches on the From header, am I correct in telling opendkim to sign emails from *any* email address with my domain?
So my whole SigningTable might be something like
- mail._domainkey.mydomain.com
?
On 7/10/20 8:10 PM, tom@gather.coop wrote:
Makes sense. So given that the opendkim milter matches on the From header, am I correct in telling opendkim to sign emails from *any* email address with my domain?
So my whole SigningTable might be something like
- mail._domainkey.mydomain.com
Yes.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
Mark Sapiro wrote:
On 7/10/20 8:10 PM, tom@gather.coop wrote:
Makes sense. So given that the opendkim milter matches on the From header, am I correct in telling opendkim to sign emails from any email address with my domain? So my whole SigningTable might be something like
- mail._domainkey.mydomain.com
Yes.
Actually, I knew there was more to it than that, but I had forgotten the detail.
You can have
*@mydomain.com mail._domainkey.mydomain.com
as your SigningTable entry, but you need to specify
SenderHeaders List-Post,Sender,From
in your opendkim.conf. This will find the list address in the List-Post header of mail from your lists and that will be list@mydomain.com which will match the above SigningTable entry.
participants (4)
-
Brian Carpenter -
Mark Sapiro -
Tom @ Gather -
tom@gather.coop