On Oct 13, 2010, at 11:27 AM, Jeff Macdonald wrote:
And even if there was a DKIM signature, it is the BAD GUY'S signature,
which should cause it to go into the SPAM folder, with a large
phishing warning.
<rant>
Count me as one of those who was confused early on about what DKIM
provides. DKIM seems to make assurances to message integrity. But it
doesn't. I think the reason why many think it does is because of the
body hash. It is trying to do to much. It should just provide an
identifier that can be verified. Instead of using the body for
hashing, use the Message-ID header along with the Date header and just
hash that. That way most folks would understand DKIM is just providing
an Identifier.
</rant>
The reason for the body hash is solely to prevent replay attacks - where a
spammer
receives legitimate email, then reuses the signature to send out spam.
That's the only reason it's there, not for anything to do with message
integrity,
but it is a good reason for it to be there.
That this has been documented and evangelized poorly is something to
rant about, perhaps.
Cheers,
Steve
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html