ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] Accidental versus malicous error

2007-12-20 12:03:05
Damon wrote:
I do not see this as being correct and I never agreed with it.
I am going to have to do "something" whether the signature is broken
or not. Just because messages have broken signatures does not mean
that I am going to have to add even 1 more linux server to my farm to
handle them. My disagreement comes with the difference between ALL and
STRICT. ALL would mean that all of my messages are signed, broken or
not. Any message coming from me with NO signature is a failure of my
published policy. When I receive a message from this domain I will
likely accept the message if it has a signature regardless of the
validity and drop the messages with no signature on the floor.

That would be a bad idea. I believe they changed this in the most current
version, but gnu mailman -- as an example -- was stripping out DKIM
signatures thinking they were doing the originating domain a favor since
they "knew" that the signature would fail (which, in fact, wasn't always
the case). It took quite a bit of convincing on my part that they should just
leave it alone. It's not hard to understand their perspective though: they
thought a broken signature would look more spammy than a missing
signature. Rinse, repeat.

      Mike
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html