[lug] Tell us how

Zan Lynx zlynx at acm.org
Mon Mar 4 14:19:57 MST 2013

On 03/04/2013 01:40 PM, Sean Reifschneider wrote:
> Because I can't find anything in RFC5585 that says that you can do anything
> but act on a valid signature.  In fact, it specifically says that a broken
> signature must be treated as if there were no signature at all.  (3.2.2)
> The section on verification (4.4) says that you can verify a signature, but
> it says nothing about lack of a signature.
I may not have understood what you were objecting to previously. It does 
look as if the DKIM RFCs restrict themselves to just valid or not valid 
DKIM signatures and ignore how you tell what signatures should be present.

If I was writing spam blocking rules I'd just look for the DKIM key on 
the sender's domain. If that didn't work reliably I'd keep a domain list 
which would contain Yahoo and other known DKIM senders and require that 
email from Yahoo addresses have a DKIM signature from the Yahoo.com domain.

If I wanted to follow the "act on a valid signature" rule precisely then 
what I'd do is assign 10 spam points to any email from a host on the 
DKIM required list and then "act" by removing 20 spam points for a valid 

More information about the LUG mailing list