*> That will not affect DKIM.* It will affect DKIM and it does. *> The DKIM sign...

CodeWriter23 · on Jan 18, 2017

The listserv has to copy any incoming email message and send one copy of the inbound message to each recipient on the listserv list. To assure deliverability, it has to send it from it's own address @ it's own domain, to avoid SPF failure. Each individual copy is passed by the listserv to the SMTP server to go to each recipient on the listserv list. The SMTP server calculates the DKIM on each message as it is sent.

Again, mail servers adding links is completely irrelevant to the DKIM signing process.

temprature · on Jan 19, 2017

> it has to send it from it's own address @ it's own domain, to avoid SPF failure.

To avoid SPF failure it uses its own domain in the MAIL FROM envelope address. There are very few lists that change the From header, I can't name a single one although they probably do exist.

> The SMTP server calculates the DKIM on each message as it is sent.

Like I said, even if they did, that only works if they were also changing the From header to their own domain. Otherwise, even though there is a valid DKIM signature there is no alignment with the From header so it is ignored when evaluating DMARC. DKIM does not use the MAIL FROM address.

> Again, mail servers adding links is completely irrelevant to the DKIM signing process.

I send a mail to a mailing list, LKML is a good example. My SMTP server signs the message with my DKIM private key and relays it to the LKML SMTP server. LKML receives it, appends a footer and relays it to all subscribers, with my name and email address in the From header but using its own address in the MAIL FROM address. The footer breaks the DKIM signature because when my message was signed that footer wasn't there. LKML does not re-sign the outgoing messages, it relays the DKIM signature provided in the original message. This is standard of many, possibly even most, mailing lists.