[ietf-dkim] Accidental versus malicious error
Michael Thomas
mike at mtcc.com
Thu Dec 20 15:07:53 PST 2007
Douglas Otis wrote:
>
> On Dec 20, 2007, at 10:44 AM, Michael Thomas wrote:
>
>> That would be a bad idea. I believe they changed this in the most
>> current version, but gnu mailman -- as an example -- was stripping
>> out DKIM signatures thinking they were doing the originating domain a
>> favor since they "knew" that the signature would fail (which, in
>> fact, wasn't always the case). It took quite a bit of convincing on
>> my part that they should just leave it alone. It's not hard to
>> understand their perspective though: they thought a broken signature
>> would look more spammy than a missing signature. Rinse, repeat.
>
> A mailing-list not breaking signatures is a scary idea. This would
> open the door for all sorts of abuse.

Yesterday, of the 32082 messages that Cisco sent through mailing lists,
99.6% of them passed verification. Keep your grubby mitts off of the
supposedly broken signatures like RFC4871 says.
Mike