Douglas Otis wrote:
On Dec 20, 2007, at 10:44 AM, Michael Thomas wrote:
That would be a bad idea. I believe they changed this in the most
current version, but gnu mailman -- as an example -- was stripping
out DKIM signatures thinking they were doing the originating domain a
favor since they "knew" that the signature would fail (which, in
fact, wasn't always the case). It took quite a bit of convincing on
my part that they should just leave it alone. It's not hard to
understand their perspective though: they thought a broken signature
would look more spammy than a missing signature. Rinse, repeat.
A mailing-list not breaking signatures is a scary idea. This would
open the door for all sorts of abuse.
Yesterday, of the 32082 messages that Cisco sent through mailing lists,
99.6% of them passed verification. Keep your grubby mitts off of the
supposedly broken signatures like RFC4871 says.
Mike
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html