Re: [chrony-users] DNS/DKIM issue with

[ Thread Index | Date Index | More Archives ]

Hi Joe

Your admin should be more precise: The mailing list or the servers that send 
the mail for the list do not add a DKIM header, only some of the member mail 
server do add a DKIM header.

Because a mailing list software alters some headers, like the subject, such 
headers should not be used in DKIM, it leads to a failed verification. Mails, 
which fail a DKIM verification can only be discarded safely, when the _adsp 
record of the sender says dkim=discardable in all other cases, the mail should 
get delivered, see under [1].

This DKIM issue can only be addressed from your admin to take into account, 
that mailing list software do exist, are used and aren't 100% compatible with 
DKIM, and as well that some admins configure DKIM in a bad way for mailing 

That means upon receiving a mail: Do not decide to never discard mails having 
a failed DKIM verification, give them a higher SPAM score instead. Decrease 
the SPAM score for mails having a List-... header (resp. use the corresponding 
test from spamassassin, if applicable).

Furthermore your admin should change your DKIM record not to contain the 
subject, content-type and mime-version, which helps to verify a DKIM 
successfully even if the mail was altered by a mailing list software.

Regards, Adrian.


In der Nachricht vom Tuesday, 12 December 2023 14:50:17 CET steht:
> Emails that I receive from for this group are being blocked by
> my organization, reportedly for security because of a failed DKIM lookup.
> My sysadmin indicated that the DKIM in DNS would need to be fixed. I tried
> sending an email to the admin a while back but got no
> response. I probably won't receive the responses to this if you respond to
> the group. Perhaps you can reply to me directly. I do apologize for this
> being off topic. I'd like to continue receiving these emails but can't if
> this DKIM issue isn't addressed. If any of you are able to look into this,
> it would be greatly appreciated. Thanks. Happy Holidays!
> Joe Smith
> Senior Software Engineer
> Phoenix Defense
> 200 East Palm Valley Drive | Suite 2000 | Oviedo, Florida 32765
> joe.s​mith@xxxxxxxxxxxxxxx
> This email and any attachments to it are intended only for the identified
> recipients. It may contain proprietary or otherwise legally protected
> information of Phoenix Defense.
> Any unauthorized use or disclosure of this communication is strictly
> prohibited. If you have received this communication in error, please notify
> the sender and delete or otherwise destroy the email and all attachments
> immediately.
> [cid:4d3eb688-9459-4092-9b00-510a3454416b]
> [cid:cefb756f-b8c3-47f6-8ceb-65f9b1e2c569]​


  Adrian Zaugg
  Zweierstrasse 56
  CH-8004 Zürich

  044 291 02 38

(This eMail gets best displayed
 using a monospace font.)

# Retrieve my public GPG key:
  gpg --locate-external-keys adi@xxxxxxxxxxxxxx

Attachment: signature.asc
Description: This is a digitally signed message part.

Mail converted by MHonArc 2.6.19+