Comment 8 for bug 558208

Logged In: YES
user_id=1406492

Yup, I have DomainKeys working with Mailman. Here's an example
DomainKeys header of a message that passed through Mailman just fine:

DomainKey-Signature: a=rsa-sha1; s=mail; d=karppinen.fi; c=nofws; q=dns;
 h=mime-version:in-reply-to:references:content-type:message-id:
 content-transfer-encoding:from:subject:date:to:x-mailer;
 b=Jjt8k25KetlHzapxG93zNgC5WmN9UedMi
+WrlZGLW2WDhk72WWvj63xM/
LJIZHvx2heeMbm0gxgMdZ8MuUXn8bRIB0STCLEALHBP4Oq2kbDZpcPTweLIxsL
iH1h6I123ekPNTsB0LPPzDDlfPBjbHMcCekBiTtF+VcNu2HCbLhs=

As you can see, it's possible to add headers like Reply-To without breaking
the signature. (The choice of headers to sign in the original message is
largely up to the implementation. I have a feeling that the implementations
that sign only the absolutely necessary headers will survive better in the
marketplace.)

I think enterprises will adopt DKIM for the anti-spoofing benefits without
much concern for things like their employees' participation on mailing lists
external to the organization. In such a scenario, it's the mailing lists'
responsibility to try and ensure that people from such protected domains can
still participate.

Anyway, thanks for looking into this!