[Mailman-Developers] dkim-signature headers

Michael Thomas mat at cisco.com
Wed Feb 7 16:53:27 CET 2007

Joe Peterson wrote:
> With DKIM, according to my understanding, you are supposed to treat a
> "bad" sig the same way you'd treat "no" sig.  So it would neither help
> nor hurt to have a bad signature; it would be like having none (or a
> missing sig).
> Personally, I think DKIM would be a whole lot more effective and
> powerful if we *could* treat bad sigs as bad.  Also, I think there is
> danger of people reacting to bad signatures negatively.  Personally, I'd
> eye a failed sig with a more suspicious eye than no sig.

Until, of course, you rejected a piece of mail which had an x-million dollar
deal in it... one thing we found out is that while people hate false 
mail admins *really* hate false positives. The truth of the matter is 
that shit
happens in the mail system and overreacting based on single factors is a
great recipe for generating lots of false positives. As an individual 
you can set your own tolerance level, but you quickly become a lot
more conservative if you're doing it at a (large) group level.


More information about the Mailman-Developers mailing list