Are DomainKeys for e-mail signing dead?

Mailman List Mirror (Read Only)
1

Apologies if I slept through prior discussions on the topic.

E-mail from our L-Soft LISTSERV was recently rejected by Yahoo with the following error:

#####@YAHOO.COM

    Last error: 5.7.9 554 5.7.9 Message not accepted for policy reasons. See http://postmaster.yahoo.com/errors/postmaster-28.html

I note:

1. The e-mail error (5.7.9) references the link http://postmaster.yahoo.com/errors/postmaster-28.html.

2. That Yahoo page does not mention error 5.7.9, but references a similar error 5.7.4 "Message not accepted for policy reasons."

3. It appears that Yahoo wants inbound messages signed using DomainKeys technology.

4. Yahoo is the lead inventor of DomainKeys, along with Cicso, PGP, and Sendmail.

5. L-Soft LISTSERV manuals and Yahoo both refer to the website http://domainkeys.sourceforge.net/.

6. When I click on the Documentation and DomainKeys Implementors Mailing List links on that page, I get page not found.

7. A 2007 USA Today Article (http://usatoday30.usatoday.com/tech/products/cnet/2007-05-23-domainkeys-anti-spam_N.htm) mentions that DomainKeys have not been widely adopted.

8. A basic Google search for DomainKeys comes up with no recent articles. One website (http://blog.wordtothewise.com/2011/09/dkim-is-done/) says that DKIM/DomainKeys are dead.

Are the rumors of the death of DomainKeys premature? If not, is anyone from Yahoo listening?

matthew black

california state university, long beach

2

5.7.4 means "you told us not to accept your mail unless it was validly
signed and it is not".
The solution for this is to make sure that mail with a From: in a domain
that requires this is validly signed.
Yahoo does not care whether you use DKIM or DomainKeys for this purpose;
other people may well like DKIM better, making it more fun.
I note that the help page you reference mentions DKIM and DomainKeys
together every time.

If your LISTSERV
  -- gets mail from somebody with a domain that requires their mail to be
validly signed (for instance, via DMARC)
  -- leaves that sender's address in the From: line
  -- and breaks the DKIM signature

then the mail will not deliver to recipients at Yahoo. Your choices are:
  -- ask (or force) the sender to join the LISTSERV from a sending domain
that does not do this
  -- modify the From: to not be in the sender's domain
  -- avoid breaking the DKIM signature
  -- let the mail fail

  Elizabeth

3

Alive and well after the standard evolved. Google DKIM and then DMARC.

I doubt anything as antique as listserv supports either, so route its
inbound / outbound mail through a gateway running postfix / sendmail etc.

--srs

4

In article <ED78B1C68B84A14FA706D13A230D7B431E2B9D4D@ITS-MAIL02.campus.ad.csulb.edu> you write:

Apologies if I slept through prior discussions on the topic.

Regardless of what various aging web pages and un-upgraded mail
software might say, Domainkeys is as dead as a doornail, even at
Yahoo. Use DKIM, you'll be happier, even at Yahoo.

R's,
John

5

opendkim[0] does this job beautifully.

[0] - http://www.opendkim.org/

6

If your LISTSERV
-- gets mail from somebody with a domain that requires their mail to be
validly signed (for instance, via DMARC)
-- leaves that sender's address in the From: line
-- and breaks the DKIM signature

Ah, that problem.

I'd strongly suggest a shim in front of LISTSERV that checks for DMARC
policies other than p=none and rejects the incoming mail, simply to
protect other members of the list. Otherwise people who follow DMARC
advice will reject list mail and get bounced off the list. Yes, this
actually happens.

R's,
John