Are DomainKeys for e-mail signing dead?
Apologies if I slept through prior discussions on the topic. E-mail from our L-Soft LISTSERV was recently rejected by Yahoo with the following error: #####@YAHOO.COM Last error: 5.7.9 554 5.7.9 Message not accepted for policy reasons. See http://postmaster.yahoo.com/errors/postmaster-28.html I note: 1. The e-mail error (5.7.9) references the link http://postmaster.yahoo.com/errors/postmaster-28.html. 2. That Yahoo page does not mention error 5.7.9, but references a similar error 5.7.4 "Message not accepted for policy reasons." 3. It appears that Yahoo wants inbound messages signed using DomainKeys technology. 4. Yahoo is the lead inventor of DomainKeys, along with Cicso, PGP, and Sendmail. 5. L-Soft LISTSERV manuals and Yahoo both refer to the website http://domainkeys.sourceforge.net/. 6. When I click on the Documentation and DomainKeys Implementors Mailing List links on that page, I get page not found. 7. A 2007 USA Today Article (http://usatoday30.usatoday.com/tech/products/cnet/2007-05-23-domainkeys-anti...) mentions that DomainKeys have not been widely adopted. 8. A basic Google search for DomainKeys comes up with no recent articles. One website (http://blog.wordtothewise.com/2011/09/dkim-is-done/) says that DKIM/DomainKeys are dead. Are the rumors of the death of DomainKeys premature? If not, is anyone from Yahoo listening? matthew black california state university, long beach
5.7.4 means "you told us not to accept your mail unless it was validly signed and it is not". The solution for this is to make sure that mail with a From: in a domain that requires this is validly signed. Yahoo does not care whether you use DKIM or DomainKeys for this purpose; other people may well like DKIM better, making it more fun. I note that the help page you reference mentions DKIM and DomainKeys together every time. If your LISTSERV -- gets mail from somebody with a domain that requires their mail to be validly signed (for instance, via DMARC) -- leaves that sender's address in the From: line -- and breaks the DKIM signature then the mail will not deliver to recipients at Yahoo. Your choices are: -- ask (or force) the sender to join the LISTSERV from a sending domain that does not do this -- modify the From: to not be in the sender's domain -- avoid breaking the DKIM signature -- let the mail fail Elizabeth On 2/28/14 2:51 PM, "Matthew Black" <Matthew.Black@csulb.edu> wrote:
Apologies if I slept through prior discussions on the topic.
E-mail from our L-Soft LISTSERV was recently rejected by Yahoo with the following error:
#####@YAHOO.COM
Last error: 5.7.9 554 5.7.9 Message not accepted for policy reasons. See http://postmaster.yahoo.com/errors/postmaster-28.html
I note:
1. The e-mail error (5.7.9) references the link http://postmaster.yahoo.com/errors/postmaster-28.html.
2. That Yahoo page does not mention error 5.7.9, but references a similar error 5.7.4 "Message not accepted for policy reasons."
3. It appears that Yahoo wants inbound messages signed using DomainKeys technology.
4. Yahoo is the lead inventor of DomainKeys, along with Cicso, PGP, and Sendmail.
5. L-Soft LISTSERV manuals and Yahoo both refer to the website http://domainkeys.sourceforge.net/.
6. When I click on the Documentation and DomainKeys Implementors Mailing List links on that page, I get page not found.
7. A 2007 USA Today Article (http://usatoday30.usatoday.com/tech/products/cnet/2007-05-23-domainkeys-a nti-spam_N.htm) mentions that DomainKeys have not been widely adopted.
8. A basic Google search for DomainKeys comes up with no recent articles. One website (http://blog.wordtothewise.com/2011/09/dkim-is-done/) says that DKIM/DomainKeys are dead.
Are the rumors of the death of DomainKeys premature? If not, is anyone from Yahoo listening?
matthew black
california state university, long beach
If your LISTSERV -- gets mail from somebody with a domain that requires their mail to be validly signed (for instance, via DMARC) -- leaves that sender's address in the From: line -- and breaks the DKIM signature
Ah, that problem. I'd strongly suggest a shim in front of LISTSERV that checks for DMARC policies other than p=none and rejects the incoming mail, simply to protect other members of the list. Otherwise people who follow DMARC advice will reject list mail and get bounced off the list. Yes, this actually happens. R's, John
On Saturday, March 1, 2014, Matthew Black <Matthew.Black@csulb.edu> wrote:
Apologies if I slept through prior discussions on the topic. E-mail from our L-Soft LISTSERV was recently rejected by Yahoo with the following error:
Alive and well after the standard evolved. Google DKIM and then DMARC. I doubt anything as antique as listserv supports either, so route its inbound / outbound mail through a gateway running postfix / sendmail etc. --srs -- --srs (iPad)
On 2/28/2014 18:36, Suresh Ramasubramanian wrote:
On Saturday, March 1, 2014, Matthew Black <Matthew.Black@csulb.edu> wrote:
Apologies if I slept through prior discussions on the topic. E-mail from our L-Soft LISTSERV was recently rejected by Yahoo with the following error:
Alive and well after the standard evolved. Google DKIM and then DMARC.
I doubt anything as antique as listserv supports either, so route its inbound / outbound mail through a gateway running postfix / sendmail etc.
--srs
opendkim[0] does this job beautifully. [0] - http://www.opendkim.org/ -- staticsafe
In article <ED78B1C68B84A14FA706D13A230D7B431E2B9D4D@ITS-MAIL02.campus.ad.csulb.edu> you write:
Apologies if I slept through prior discussions on the topic.
Regardless of what various aging web pages and un-upgraded mail software might say, Domainkeys is as dead as a doornail, even at Yahoo. Use DKIM, you'll be happier, even at Yahoo. R's, John
participants (5)
-
Elizabeth Zwicky -
John Levine -
Matthew Black -
staticsafe -
Suresh Ramasubramanian