[Mailman-Developers] dkim-signature headers
Joe Peterson
joe at skyrush.com
Wed Feb 7 04:12:39 CET 2007
With DKIM, according to my understanding, you are supposed to treat a
"bad" sig the same way you'd treat "no" sig. So it would neither help
nor hurt to have a bad signature; it would be like having none (or a
missing sig).
Personally, I think DKIM would be a whole lot more effective and
powerful if we *could* treat bad sigs as bad. Also, I think there is
danger of people reacting to bad signatures negatively. Personally, I'd
eye a failed sig with a more suspicious eye than no sig.
-Joe
Bob Puff wrote:
> I confess not having read up on Domain Keys.. I did get into SPF a little, but
> understand its flaws as well.
>
> If a bad DK isn't bad, then how is this supposed to help spam? I mean, if the
> mere presence of some signature in the headers will increase the likelihood of
> an email being delivered (or at least help it NOT be tagged as spam), surely
> the spammers will pick up on this, and the whole benefit lost.
>
> Example:
>
> Spammer takes a legit message from a DK sender, replaces it with his spam, and
> blasts it out with the original DK headers. The message has obviously been
> altered, and contains spam. Would it not be right to reject this message,
> since it fails the DK check?
>
> Now if the DK verification were done on the input side to Mailman (that is, in
> the MTA), I can see a benefit. But even in that scenerio, unless Mailman is
> signing, I'd think removal of the DK headers would be the right thing to do.
>
> Bob
>
More information about the Mailman-Developers
mailing list