[ietf-dkim] Accidental versus malicious error
Michael Thomas
mike at mtcc.com
Thu Dec 20 10:44:32 PST 2007
Damon wrote:
> I do not see this as being correct and I never agreed with it.
> I am going to have to do "something" whether the signature is broken
> or not. Just because messages have broken signatures does not mean
> that I am going to have to add even 1 more linux server to my farm to
> handle them. My disagreement comes with the difference between ALL and
> STRICT. ALL would mean that all of my messages are signed, broken or
> not. Any message coming from me with NO signature is a failure of my
> published policy. When I receive a message from this domain I will
> likely accept the message if it has a signature regardless of the
> validity and drop the messages with no signature on the floor.
That would be a bad idea. I believe they changed this in the most current
version, but gnu mailman -- as an example -- was stripping out DKIM
signatures thinking they were doing the originating domain a favor since
they "knew" that the signature would fail (which, in fact, wasn't always
the case). It took quite a bit of convincing on my part that they should
just leave it alone. It's not hard to understand their perspective though:
they thought a broken signature would look more spammy than a missing
signature. Rinse, repeat.
Mike
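
An added illustration, not part of the original message: the receiver rule from the quoted text applied to one message on three delivery paths. The sample message, the two list functions and all names are constructed for this sketch, and only the `bh=` body hash is checked (the `b=` public-key check is omitted).

```python
import base64, hashlib, re
from email import message_from_string

def body_hash(body):
    """bh= for 'simple' body canonicalization with SHA-256 (RFC 4871, 3.4.3)."""
    lines = body.replace("\r\n", "\n").split("\n")
    while lines and lines[-1] == "":
        lines.pop()                       # ignore trailing empty lines
    canon = "".join(line + "\r\n" for line in lines) or "\r\n"
    return base64.b64encode(hashlib.sha256(canon.encode()).digest()).decode()

def signature_state(raw):
    """Return 'none', 'broken' or 'intact'. Assumption: only bh= is compared."""
    msg = message_from_string(raw)
    header = msg["DKIM-Signature"]
    if header is None:
        return "none"
    tags = dict(t.strip().split("=", 1) for t in header.split(";") if "=" in t)
    return "intact" if tags.get("bh") == body_hash(msg.get_payload()) else "broken"

def quoted_policy(state):
    """Receiver rule from the quoted text: any signature accepted, none dropped."""
    return "drop" if state == "none" else "accept"

def list_add_footer(raw):        # hypothetical list that appends a footer
    return raw + "-- \nlist footer (constructed)\n"

def list_strip_signature(raw):   # hypothetical list that also removes the signature
    return re.sub(r"(?im)^DKIM-Signature:.*\n", "", raw)

# Constructed sample message; b= is a placeholder, not a real signature.
BODY = "Hello list,\nplease review the draft.\n"
SIGNED = ("From: alice@example.com\nSubject: draft\n"
          "DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=example.com; "
          f"s=sel1; h=from:subject; bh={body_hash(BODY)}; b=PLACEHOLDER\n\n" + BODY)

def outcomes():
    """Map each delivery path to (signature state, receiver verdict)."""
    footer = list_add_footer(SIGNED)
    paths = {"direct": SIGNED, "list keeps signature": footer,
             "list strips signature": list_strip_signature(footer)}
    return {name: (signature_state(raw), quoted_policy(signature_state(raw)))
            for name, raw in paths.items()}

if __name__ == "__main__":
    for name, result in outcomes().items():
        print(f"{name:22} {result}")
```

Under that rule the only path that gets dropped is the one where the list removed the signature.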