Although an invalid signature should be
considered equal to no signature (as also specified in the base
specification), from the responses on this list, expect many will bet
on initial statistics and get this wrong. This does not bode well,
and could represent a sizeable loss of receiver resources.
-Doug
I do not see this as being correct and I never agreed with it.
I am going to have to do "something" whether the signature is broken
or not. Just because messages have broken signatures does not mean
that I am going to have to add even 1 more linux server to my farm to
handle them. My disagreement comes with the difference between ALL and
STRICT. ALL would mean that all of my messages are signed, broken or
not. Any message coming from me with NO signature is a failure of my
published policy. When I receive a message from this domain I will
likely accept the message if it has a signature regardless of the
validity and drop the messages with no signature on the floor. At this
point I have not determined the validity of the signature just that
one existed or didn't. Next I would run through the checks. If I
determine that the signature is invalid, by having it promoted/demoted
to "no signature" I should be able to drop it on the floor. This is a
BAD idea and is not something I would like to promote as this action
just removed the difference between ALL and STRICT and now everything
is STRICT. What I do with a message that has a broken signature and
the policy for the domain is ALL is up to me. It will likely go
through rigorous testing- but that is none of your/our business and I
believe that forcing the operational folks into this sort of corner is
not something that we should be doing.
Regards,
Damon Sauer
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html