Tech Tip (LISTSERV Maestro) – Issue 3 – 2006
Q: Can LISTSERV Maestro use DomainKeys to authenticate outgoing email messages?
Answer by Françoise Becker VP Software Engineering, L-Soft
The DomainKeys support [1][2] available in LISTSERV can also be used by LISTSERV Maestro. First, the LISTSERV site administrator must enable DomainKeys support as described in the LISTSERV Tech Tip. Then, the LISTSERV Maestro administrator must define the DomainKeys settings for LISTSERV Maestro; the administrator may impose DomainKeys usage on Maestro users and groups, or may give them the option to turn DomainKeys on or off for individual messages. DomainKeys signing will only be performed for email addresses for which LISTSERV has been configured. Finally, the job creator must specify a signable email address in the Define Sender step of the LISTSERV Maestro job. (Note that DomainKeys signing may need to be enabled for each individual message during this step.)
Configuring DomainKeys Support in LISTSERV
The LISTSERV site administrator must enable DomainKeys support as described in the LISTSERV Tech Tip and in the document Using LISTSERV with DomainKeys [3].
DomainKeys support must be configured in LISTSERV for all domains for which you want to use DomainKeys signing.
The LISTSERV Tech Tip describes how to set up DomainKeys for one domain or for a group of sub-domains below one domain; for example, the key for d=example.com can be made to sign for addresses *@listserv.example.com, *@xyz.example.com, and *@example.com, simply by telling LISTSERV "DKIM_SIGN=EXAMPLE.COM *.EXAMPLE.COM". This is usually sufficient for LISTSERV because list email goes out with a Sender: address of listname@listserv.example.com and LISTSERV can sign for these.
Unless a LISTSERV list is used in the Define Recipients step, messages sent from LISTSERV Maestro will not have these Sender: mail headers inserted by LISTSERV. In these cases, DomainKeys signatures must be applied to the From: address (E-mail Address field) used in the Define Sender step of the LISTSERV Maestro job. Therefore, the DomainKeys configuration should be set up to cover any domains that will be used in the Define Sender step.
For example, if all of your jobs will come from some address @example.com, then the setup described in the LISTSERV Tech Tip will be sufficient. However, if abc@xyz.com will be used as the sender email address in some jobs and you want to use DomainKeys signing for these jobs, then LISTSERV must be given a private key to use for XYZ.COM, and a DNS record with the corresponding public key must be entered in the DNS table for XYZ.COM.
Configuring DomainKeys Support in LISTSERV Maestro
Once DomainKeys support is configured in LISTSERV, the LISTSERV Maestro administrator can configure it in the HUB.
To specify default settings for all accounts, go to Global Component Settings -> Maestro User Interface -> Default DomainKeys Settings.
The Maestro administrator can specify whether or not to use DomainKeys by default, and whether or not a user must use the specified default or may change the setting for a particular job. In LISTSERV Maestro 3.0, a similar choice will also be available for Hosted LISTSERV Lists (HLLs).
The Maestro administrator may change these default settings for a particular group or a single user account by going to Administer User Accounts -> select a group or single account -> Maestro User Interface -> DomainKeys Settings.
These settings are described in detail in the LISTSERV Maestro Administrator's Manual [4].
Tip: The LISTSERV Maestro site administrator can use the DomainKeys signing feature to enforce the use of particular domain names in the From: address of all LISTSERV Maestro jobs. Simply set up DomainKeys signing for only the allowed domains and do not give users the option of turning it off.
Configuring DomainKeys Signing in a Maestro Job
If the Maestro administrator has specified in HUB that "the user may change the setting supplied above on a per-job basis", then the Define Sender step includes an option for defining DomainKeys settings.
If DomainKeys signing is requested, then LISTSERV Maestro will verify that the email address entered in the Define Sender step is supported for DomainKeys signing. If it isn't, then an error message is displayed indicating that the sender definition cannot be saved as is:
The Define Sender step is described in detail in the LISTSERV Maestro User Guide [5].
Configuring DomainKeys Signing for a Hosted LISTSERV List
Coming soon in LISTSERV Maestro 3.0 is an expanded Hosted LISTSERV List wizard with support for most LISTSERV header keywords, including the keyword that controls whether or not a list should use DomainKeys signing for its mailings.
Note: This option is not available if the Maestro administrator has set up the account to "enforce DomainKeys-signing for all LISTSERV Maestro standard postings to Hosted LISTSERV Lists".
The new HLL wizard will be documented in the LISTSERV Maestro 3.0 Data Administrator's Manual [6].
References
[1] DomainKeys: Proving and Protecting Email Sender Identity, antispam.yahoo.com/domainkeys
[2] Domain-based Email Authentication Using Public Keys Advertised in the DNS (DomainKeys), www.ietf.org/internet-drafts/draft-delany-domainkeys-base-06.txt
[3] Using LISTSERV with DomainKeys, www.lsoft.com/manuals/1.8e/LISTSERV-DKIM-config.html
[4] LISTSERV Maestro Administrator's Manual, www.lsoft.com/resources/manuals.asp
[5] LISTSERV Maestro User Guide, www.lsoft.com/resources/manuals.asp
[6] LISTSERV Maestro Data Administrator's Manual, www.lsoft.com/resources/manuals.asp |