On Mon, 22 Dec 2014, Chris Samuel <chris@csamuel.org> wrote:
On Mon, 22 Dec 2014 05:18:45 PM Russell Coker wrote:
The above is from the headers of one of the messages I sent to the list. The "insecure key" part refers to the fact that I'm not using DNSSEC.
I'm not sure that's right, I'm not using DNSSEC either and my emails to the list do not get those headers attached.
Which messages are you referring to? The message I'm replying to has no DKIM headers.
I thought DKIM was orthogonal to DNSSEC.
Not really. If you can fake someone's DNS then you can fake a DKIM record to allow forged signatures or fake the absence of DMARC etc records to allow unsigned mail through. Anyway it's apparently only certain versions of OpenDKIM that give the error in question. -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/