On Sat, Nov 08, 2014 at 05:58:53PM -0800, Keith Keller wrote: > The fundamental reason is because Mailman is rewriting the headers in an > incompatible way. It is not his site's usage of DKIM. This is a known > issue with Mailman. (I used to have a good link explaining the issue, > but can't find it now; if I find it later I'll post it.) So we have a 20-year old piece of technology ("mailman") and a modern proposal ("DKIM")... and somehow it's mailman's fault. Uh huh. Note; it's not just mailman that has problems, it's _any_ mail forwarder. Going back 27 years to my first Unix account, I could create a file called ".forward" that would forward my mail to another address. This is BROKEN by DKIM. Basically DKIM is incompatible with how internet email works. But here's the thing... I think DKIM has a potential future; we need to _change_ how the internet works. So mailman will need to be rewritten; mail forwarders will need to change. And so on. I use DKIM on my domain but I specifically set it to "fail safe" (deliver it anyway) because I _know_ the internet, today, isn't compatible. I get email reports so I can see if spammers _are_ sending as me. The problem is with domains like yahoo.com who have a "fail deny" policy. Any yahoo.com sender gets so much mail rejected that many mail lists auto-block yahoo senders these days. The problem, ultimately, is with senders with a "reject" policy published. DKIM is not compatible with internet email today, and so mail from those senders _will_ be rejected. -- rgds Stephen _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos