ietf-dkim

Re: [ietf-dkim] detecting header mutations after signing

2010-10-12 08:41:09

Bill(_dot_)Oxley(_at_)cox(_dot_)com wrote:
50% of the spam we see is RFC compliant DKIM signed, DKIM isn't the issue in 
your example, it's the operator and how they determine reputation


Please read what was said.

    No Signature, Double From ---> Trapped/rejected by mipassoc.org
    DKIM signed Double From  ----> Accepted, Resigned by mipassoc.org

If mipassoc.org is going to be an "example" of many systems, then we have 
an unfortunate problem until current systems are updated to prevent the 
DKIM loophole for what are otherwise RFC5322 checking systems.

What it means for most systems is that they need to change a model based 
on this:

      CHECK DKIM     ---- PASS  --> ACCEPT
      CHECK RFC5322  ---- BAD   --> REJECT
      BREAK
      RESIGN
      DISTRIBUTE

To this:

      CHECK RFC5322  ---- BAD   --> REJECT
      CHECK DKIM     ---- PASS  --> ACCEPT
      BREAK
      RESIGN
      DISTRIBUTE

-- 
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com


_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
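
An added example, not part of the original message or of any system named in it, of the two check orders described above: the RFC 5322 section 3.6 header occurrence limits are evaluated either after or before the DKIM result is consulted. The `dkim_ok` callable, the function names, the `CONTINUE` result and the sample message are assumptions made for illustration.

```python
from email import message_from_bytes
from email.policy import compat32

# RFC 5322 section 3.6: (minimum, maximum) occurrences per header field.
LIMITS = {
    "date": (1, 1), "from": (1, 1), "sender": (0, 1), "reply-to": (0, 1),
    "to": (0, 1), "cc": (0, 1), "bcc": (0, 1), "message-id": (0, 1),
    "in-reply-to": (0, 1), "references": (0, 1), "subject": (0, 1),
}

def rfc5322_violations(raw):
    """Return header-count violations; an empty list means the counts are valid."""
    msg = message_from_bytes(raw, policy=compat32)
    counts = {}
    for name in msg.keys():  # keys() keeps duplicates, one entry per field
        counts[name.lower()] = counts.get(name.lower(), 0) + 1
    problems = []
    for name, (lo, hi) in LIMITS.items():
        n = counts.get(name, 0)
        if not lo <= n <= hi:
            problems.append(f"{name}: {n} occurrence(s), allowed {lo}..{hi}")
    return problems

def old_model(raw, dkim_ok):
    # CHECK DKIM first: a passing signature is accepted before RFC5322 is looked at.
    if dkim_ok(raw):
        return "ACCEPT"
    return "REJECT" if rfc5322_violations(raw) else "CONTINUE"

def new_model(raw, dkim_ok):
    # CHECK RFC5322 first: malformed mail is rejected whatever the DKIM result.
    if rfc5322_violations(raw):
        return "REJECT"
    return "ACCEPT" if dkim_ok(raw) else "CONTINUE"

# Constructed sample: two From fields; the signature value is a placeholder.
DOUBLE_FROM = (
    b"DKIM-Signature: v=1; d=example.com; h=from; b=PLACEHOLDER\r\n"
    b"Date: Tue, 12 Oct 2010 08:41:09 +0000\r\n"
    b"From: first@example.com\r\n"
    b"From: second@example.net\r\n"
    b"Subject: test\r\n\r\nbody\r\n"
)
always_pass = lambda raw: True  # stand-in for a real DKIM verifier (assumption)

if __name__ == "__main__":
    print("old:", old_model(DOUBLE_FROM, always_pass))
    print("new:", new_model(DOUBLE_FROM, always_pass))
```
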