Bill(_dot_)Oxley(_at_)cox(_dot_)com wrote:
> 50% of the spam we see is RFC compliant DKIM signed, DKIM isn't the issue in
> your example it's the operator and how they determine reputation
Please read what was said.
No Signature, Double From ---> Trapped/rejected by mipassoc.org
DKIM signed Double From ----> Accepted, Resigned by mipassoc.org
If mipassoc.org is going to be an "example" of many systems, then we have
an unfortunate problem until current systems are updated to prevent the
DKIM loophole for what is otherwise RFC5322 checking systems.
What it means for most systems is that they need to change a model based
on this:
CHECK DKIM ---- PASS --> ACCEPT
CHECK RFC5322 ---- BAD --> REJECT
BREAK
RESIGN
DISTRIBUTE
To this:
CHECK RFC5322 ---- BAD --> REJECT
CHECK DKIM ---- PASS --> ACCEPT
BREAK
RESIGN
DISTRIBUTE
--
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
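
The two check orders from the message above, as an added example that is not part of the original post or of any list software. The function names, the "CONTINUE" fall-through label and the sample messages are constructed for illustration, and the DKIM verdict is assumed to come from a separate verifier and is passed in as a boolean.

```python
from email import message_from_bytes

# RFC 5322 section 3.6 occurrence limits per header field: (min, max).
LIMITS = {
    "date": (1, 1), "from": (1, 1),
    "sender": (0, 1), "reply-to": (0, 1), "to": (0, 1), "cc": (0, 1),
    "bcc": (0, 1), "message-id": (0, 1), "in-reply-to": (0, 1),
    "references": (0, 1), "subject": (0, 1),
}

def rfc5322_violations(raw):
    """Return a list of header-count problems; an empty list means well-formed."""
    msg = message_from_bytes(raw)
    problems = []
    for name, (lo, hi) in LIMITS.items():
        count = len(msg.get_all(name, []))
        if count < lo:
            problems.append(f"missing {name}")
        elif count > hi:
            problems.append(f"{count} {name} fields")
    return problems

def old_model(raw, dkim_pass):
    # CHECK DKIM first: a passing signature short-circuits the format check.
    if dkim_pass:
        return "ACCEPT"
    return "REJECT" if rfc5322_violations(raw) else "CONTINUE"

def new_model(raw, dkim_pass):
    # CHECK RFC5322 first: a malformed message is rejected whatever DKIM says.
    if rfc5322_violations(raw):
        return "REJECT"
    return "ACCEPT" if dkim_pass else "CONTINUE"

# Constructed sample: one message carrying two From fields.
DOUBLE_FROM = (
    b"From: Alice <alice@example.net>\r\n"
    b"From: Trusted <ceo@example.org>\r\n"
    b"To: list@example.com\r\n"
    b"Date: Mon, 01 Jan 2024 00:00:00 +0000\r\n"
    b"Subject: test\r\n\r\nbody\r\n"
)
# Same message with the second From field removed.
CLEAN = DOUBLE_FROM.replace(b"From: Trusted <ceo@example.org>\r\n", b"")

if __name__ == "__main__":
    for label, raw in (("double From", DOUBLE_FROM), ("clean", CLEAN)):
        for signed in (True, False):
            print(label, "dkim_pass=%s" % signed,
                  "old:", old_model(raw, signed), "new:", new_model(raw, signed))
```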