Hello everyone, sorry for posting this here, but I sent the enquiry to the at-large-owner address but received no reply, so I think this might have gotten lost or ended up in /dev/null.. In short: DKIM/DomainKeys is incorrectly set-up for atlarge-lists.icann.org Warm regards, Olivier -- Olivier MJ Crepin-Leblond, Ph.D Global Information Highway Ltd http://www.gih.com/ocl.html ----- Original Message ----- From: "Olivier MJ Crepin-Leblond" <ocl@gih.com> To: <at-large-owner@atlarge-lists.icann.org> Sent: Wednesday, November 12, 2008 12:04 PM Subject: Use of DKIM on at-large mailing list
Hello there,
I have noticed that you are using DKIM/DomainKeys on the at-large ICANN server. I think that it is great that you are embracing new technology. It is also great that the server supports TLS.
However, it appears that its implementation for domainkeys/DKIM on the mailing list does not work correctly.
At present:
- messages which are DKIM-signed keep their DKIM signature and therefore FAIL when received, because the at-large mailing list adds a footer (how to subscribe/unsubscribe), so the message has been tampered with - messages which are not DKIM-signed become signed by the atlarge-lists.icann.org server. However, there is no entry for default._domainkey.atlarge-lists.icann.org key in the DNS.
What should really happen:
- the atlarge-lists.icann.org server should recognise when a domainkey is active & replace the incoming domainkey with its own domainkey if positive. - atlarge-lists.icann.org should have an entry in the ICANN DNS for its key under: default._domainkey.atlarge-lists.icann.org
If you have any questions, don't hesitate to ask.
Warm regards,
Olivier
-- Olivier MJ Crepin-Leblond, Ph.D Global Information Highway Ltd http://www.gih.com/ocl.html