[Cin] Gmail and Mailing List

Georgy Salnikov sge at nmr.nioch.nsc.ru
Fri Mar 10 18:30:30 CET 2023

On Fri, 10 Mar 2023, Phyllis Smith wrote:

> requirement doesn\u2019t apply to you if you\u2019re an existing sender.
> However, we recommend you always set up SPF and DKIM to protect your
> organization\u2019s email and to support future authentication
> requirements."

As I would understand, Google warns that, although you as an existing sender
are not (yet) applied to SPF/DKIM requirements, be prepared that the policy
can change soon and without further notice.

> Also, I "think" we do have DKIM implemented (their note says SPF OR DKIM)

Google requires DMARC authentication, what literally means "either DKIM or
SPF or both".

> if I interpret further down on the "Original Message Header" where it
> says: X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

No, Phyllis, X-Google-DKIM-Signature is not a real DKIM although it looks
like DKIM. X-Google-DKIM-Signature is an additional private header inserted
by Google - perhaps to propagate this signature between diverse Google mail
relays. And if somebody other submits his email to the CGG mailing list not
from Google's account but from some other account, there will be no
X-Google-DKIM-Signature header in that email at all.

The real DKIM header is: "DKIM-Signature:" and is normally inserted by the
mailserver where the email was first originated. This header contains a
special hash computed from several other headers, most important, the From:,
Subject:, To: headers and, may be, the email body itself. For mailing lists
it is a catastrophe as maillists usually add their own headers to ensure
that all the maillist members get emails, and then the old DKIM hash does
not match the edited headers. But if maillist server recomputes DKIM, DMARC
will still fail because From: does not correspond to maillist domain any
more. So, the DKIM solution is difficult.

> But anyway, I will see if I can figure out how to implement SPF like they
> suggest.  A lot of the things I am trying to do is quite difficult for me
> and beyond my skill set.   ...Phyllis

SPF is much easier to implement, but this  is a job of the administrator of
the primary server of the DNS domain where the mailing list resides, not
your job, Phyllis. The users, even if privileged to some extent, have no
permissions to edit DNS zones on nameservers.


Georgy Salnikov
NMR Group
Novosibirsk Institute of Organic Chemistry
Lavrentjeva, 9, 630090 Novosibirsk, Russia
Phone   +7-383-3307864
Email   sge at nmr.nioch.nsc.ru

More information about the Cin mailing list