[lug] Tell us how
zlynx at acm.org
Mon Mar 4 14:19:57 MST 2013
On 03/04/2013 01:40 PM, Sean Reifschneider wrote:
> Because I can't find anything in RFC5585 that says that you can do anything
> but act on a valid signature. In fact, it specifically says that a broken
> signature must be treated as if there were no signature at all. (3.2.2)
> The section on verification (4.4) says that you can verify a signature, but
> it says nothing about lack of a signature.
I may not have understood what you were objecting to previously. It does
look as if the DKIM RFCs restrict themselves to just valid or not valid
DKIM signatures and ignore how you tell what signatures should be present.
If I was writing spam blocking rules I'd just look for the DKIM key on
the sender's domain. If that didn't work reliably I'd keep a domain list
which would contain Yahoo and other known DKIM senders and require that
email from Yahoo addresses have a DKIM signature from the Yahoo.com domain.
If I wanted to follow the "act on a valid signature" rule precisely then
what I'd do is assign 10 spam points to any email from a host on the
DKIM required list and then "act" by removing 20 spam points for a valid
More information about the LUG