4

ADSP is an entry in DNS that allows a domain owner to assert that all email must be signed with DKIM (similar to the -all and ~all in SPF/SenderID). Messages that fail ADSP policy may be rejected.

Apparently DKIM has a ton of issues with mailing lists.

  • What specific mailing list software has issues with DKIM and therefore ADSP?

  • What else has an issue with DKIM and should make one reconsider deploying ADSP?

makerofthings7

1 Answer

3

Firstly, ADSP is simply the mechanism for defining a policy. Specifying dkim=unknown is equivalent to not specifying an ADSP policy. I'm assuming that you're specifically referring to the all and discardable policies here.

The problem with mailing lists occurs when the message body or any signed headers are modified. This commonly occurs when adding a footer with list information, which is fairly common behaviour by all mailing list software. I think that pretty much all mailing list software will break DKIM signatures.

Unfortunately there is no consensus yet on how to handle DKIM with remailers. There is a wiki page discussing DKIM in Mailman which discusses the possible solutions. At this stage I would certainly not use dkim=discardable if messages are sent to mailing lists, and would be wary of dkim=all.

mgorven
  • I just discovered DMARC. Would that address or help identify concerns? – makerofthings7 Jun 17 '12 at 22:28
  • @makerofthings7 Interesting, I haven't heard of DMARC before. It doesn't address mailing lists though -- they're mentioned in the FAQ, but the approaches are the same as in that Mailman wiki page. – mgorven Jun 17 '12 at 22:56
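
Added example, not part of the original question or answer: a Python sketch of the DKIM body hash (the `bh=` tag, RFC 6376 canonicalization) showing that a list footer changes it, and what each ADSP policy then implies for the receiver. It covers only the body half of the signature (no header signing or key lookup); the message, footer and the `deliver_via_list` helper are constructed for illustration, and the outcome names follow the dkim-adsp result values of RFC 5617.

```python
import base64, hashlib, re

def canon_body(body: bytes, mode: str = "relaxed") -> bytes:
    """DKIM body canonicalization, RFC 6376 section 3.4.3 (simple) / 3.4.4 (relaxed)."""
    lines = body.split(b"\r\n")
    if mode == "relaxed":
        # Drop whitespace at line ends, collapse other runs of SP/TAB to one SP.
        lines = [re.sub(rb"[ \t]+", b" ", ln.rstrip(b" \t")) for ln in lines]
    while lines and lines[-1] == b"":      # both modes ignore trailing empty lines
        lines.pop()
    if not lines:                          # empty body: CRLF (simple), nothing (relaxed)
        return b"\r\n" if mode == "simple" else b""
    return b"\r\n".join(lines) + b"\r\n"

def body_hash(body: bytes, mode: str = "relaxed") -> str:
    """Value a signer places in the bh= tag (SHA-256, base64)."""
    return base64.b64encode(hashlib.sha256(canon_body(body, mode)).digest()).decode()

def adsp_outcome(policy: str, author_sig_valid: bool) -> str:
    """ADSP only matters when no valid author-domain signature remains."""
    if author_sig_valid:
        return "pass"
    return {"all": "fail", "discardable": "discard"}.get(policy, "unknown")

# Constructed sample data: a short post and a typical list footer.
ORIGINAL = b"Hi all,\r\n\r\nPatch attached.\r\n"
FOOTER = (b"_______________________\r\n"
          b"Example mailing list\r\n"
          b"https://lists.example.org/listinfo/example\r\n")

def deliver_via_list(policy: str, add_footer: bool, mode: str = "relaxed") -> str:
    """Hypothetical remailer: appends a footer, or only stray trailing whitespace."""
    signed_bh = body_hash(ORIGINAL, mode)             # fixed at signing time
    relayed = ORIGINAL + (FOOTER if add_footer else b"   \r\n\r\n")
    return adsp_outcome(policy, body_hash(relayed, mode) == signed_bh)

if __name__ == "__main__":
    for policy in ("unknown", "all", "discardable"):
        print(policy, "->", deliver_via_list(policy, add_footer=True))
```

Relaxed canonicalization absorbs whitespace-only changes at the end of the body, but no canonicalization mode absorbs an appended footer, which is why `dkim=discardable` is risky for domains whose users post to lists.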