Logged In: YES
user_id=1406492
Yup, I have DomainKeys working with Mailman. Here's an example
DomainKeys header of a message that passed through Mailman just fine:
DomainKey-Signature: a=rsa-sha1; s=mail; d=karppinen.fi; c=nofws; q=dns;
    h=mime-version:in-reply-to:references:content-type:message-id:
    content-transfer-encoding:from:subject:date:to:x-mailer;
    b=Jjt8k25KetlH zapxG93zNgC5WmN 9UedMi
    +WrlZGLW2WDhk72 WWvj63xM/ gxgMdZ8MuUXn8bR IB0STCLEALHBP4O q2kbDZpcPTweLIx sL
    LJIZHvx2heeMbm0 B0LPPzDDlfPBjbH McCekBiTtF+
    iH1h6I123ekPNTs VcNu2HCbLhs=
As you can see, it's possible to add headers like Reply-To without breaking
the signature. (The choice of headers to sign in the original message is
largely up to the implementation. I have a feeling that the implementations
that sign only the absolutely necessary headers will survive better in the
marketplace.)
I think enterprises will adopt DKIM for the anti-spoofing benefits without
much concern for things like their employees' participation on mailing lists
external to the organization. In such a scenario, it's the mailing lists'
responsibility to try and ensure that people from such protected domains can
still participate.
Anyway, thanks for looking into this!
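
The point made in the comment above, as an added example (not part of the original comment and not Mailman code): it parses the h= tag of the quoted DomainKey-Signature header and reports which header changes a list manager makes would touch a signed header. The function names and the list of changes are assumptions made for the illustration.

```python
import re

# Tags of the header quoted in the comment above. The b= value is left out
# because it plays no part in deciding which headers are covered.
SIG = ("a=rsa-sha1; s=mail; d=karppinen.fi; c=nofws; q=dns; "
       "h=mime-version:in-reply-to:references:content-type:message-id:"
       "content-transfer-encoding:from:subject:date:to:x-mailer;")

# Constructed sample: header changes a list manager might make.
CHANGES = [("add", "Reply-To"), ("add", "List-Id"),
           ("modify", "Subject"), ("add", "Sender")]


def parse_tags(value):
    """Split a 'tag=value; tag=value' list into a dict, dropping folding whitespace."""
    tags = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, sep, val = part.partition("=")  # only the first '=' separates
        if not sep:
            raise ValueError(f"malformed tag: {part!r}")
        tags[name.strip().lower()] = re.sub(r"\s+", "", val)
    return tags


def signed_headers(value):
    """Return the lower-cased header names listed in h=, or None if h= is absent."""
    tags = parse_tags(value)
    if "h" not in tags:
        return None
    return {h.lower() for h in tags["h"].split(":") if h}


def breaking_changes(value, changes):
    """Return the (action, header) pairs that touch a header covered by the signature.

    Without an h= tag every header is treated as signed (conservative
    assumption). Adding a second copy of a signed header is also flagged.
    """
    signed = signed_headers(value)
    return [(action, name) for action, name in changes
            if signed is None or name.lower() in signed]


if __name__ == "__main__":
    for action, name in breaking_changes(SIG, CHANGES):
        print(f"{action} {name}: covered by h=, signature would no longer verify")
```

Only the Subject change is reported for this signature; Reply-To, List-Id and Sender are absent from h=, so adding them leaves the signed header set untouched.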