Am 15.05.2025 um 01:36:56 Uhr schrieb Matthew Tse via mailop: > I'm looking for advice regarding DKIM signing. So it turns out > ImprovMX re-signs all forwarded emails with our own DKIM signature, > which from my research might not be standard (documentation suggests > that mail forwarders add ARC headers, but NOT re-sign using DKIM).
As long as the message is not being altered, the original DKIM signature is still valid even when forwarded. If you sign it, you have to rewrite the From: header to your own domain. > This is not a problem for most of our users, but some have been > complaining that when ImprovMX forwards emails to a destination > guarded by email phishing protection software like Inky > <https://www.inky.com/products>, they rewrite the body, and that > breaks DKIM and the emails often end up in spam. Mail forwarding is a PITA. If you want to have working SPF, DKIM and DMARC, you have to rewrite From: / MAIL FROM:, but this alters the message and stuff like PGP or S/MIME is still broken - by design in this case. I recommend telling people that they should use the address they want and avoid forwarders. -- Gruß Marco Send unsolicited bulk mail to [email protected] _______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
