While sending a mailing, if it is marked to be signed using DomainKeys, then ListManager will use the domain of the From or Sender Header and add this to the selector defined on the DomainKeys tab of the Site to request a public key. ListManager then attempts to match the retrieved public key to the private key on the DomainKeys tab of the Site.
- If no public key can be retrieved, or if it cannot be matched to the private key in ListManager, then DomainKey signing cannot take place. ListManager will issue a failure message.
- If the From has a merge tag in it, then ListManager cannot verify the DomainKey before sending the mailing. In this case, ListManager will send the mailing with DomainKey signing but will issue a warning message.
When ListManager generates these warning or failure messages, they are logged in the Mailing transact log and the debug log. An email is also sent to any List Administrators on that list.
Some possible warning messages are:
.... "Mailing Id: 192 NOT SIGNING message with Domainkey signature header. DNS permanent failure for LM_DK_test512._domainkey.2k3.lyris.com'" In this case, there is matching public key in the 2k3.lyris.com DNS for the private key set up in the Site
.... "Mailing Id: 199 NOT SIGNING message with Domainkey signature header. LyrisDK::NetValidate: No DNS TXT record found for 'LM_DK_test512._domainkey.yahoo.com'" In this case, there is matching public key in the yahoo.com DNS for the private key set up in the Site
.... "Mailing Id: 116 SIGNING message with Domainkey signature header. Can not verify PUBLIC KEY because the From: contains a merge tag." In this case, it was impossible to tell if the From had a valid domain, since it contained a merge tag. LM will assume that the domain is valid and will send it out DK signed
....Mailing Id: 255 NOT SIGNING message with Domainkey signature header. LyrisDK::NetValidate: No DNS TXT record found for '_domainkey.lyris.com' In this case, the Selector was missing in the Site DK definition
....Mailing Id: 259 NOT SIGNING message with Domainkey signature header. Private key is bad. In this case, the Private Key is missing or bad in the Site DK definition