[Mailman-Users] cause of bounces

Grant Taylor gtaylor at tnetconsulting.net
Wed Oct 18 12:37:08 EDT 2017


On 10/18/2017 09:18 AM, Dimitri Maziuk wrote:
> Then you seem to misunderstand what crypto signatures actually do.

I believe I understand what the crypto signatures actually do.

We are each entitled to decide what to actually do based on the result 
of the crypto signature (in)validity.

> If signature check fails, then the message is not what its author 
> actually wrote. IRL it's mainly SorceForge and the like injecting its 
> ads into signed parts, (and the real reason google is pushing https and 
> dkim so hard is it's messing with their ad revenue,) but in principle if 
> the check fails the message *content* is *invalid*. Whoever the author 
> and whatever the content.

I believe I remember (but can't point to) something in the DKIM spec 
that referenced the possibility that the DKIM signature could be broken 
by things as benign as an MTA doing a content transfer encoding 
conversion.  -  I have personally seen this.

As such, you can't be 100% positive that the message content's meaning / 
copy has actually changed, just that something about the message has 
changed.  -  Thus it is advised to only treat valid signatures as a good 
thing and be cautious of treating invalid signatures as a bad thing.

I use DKIM validity as a signal that I then make decisions based on. - 
Hence why I have chosen to alter spam score on my mail server based on 
the DKIM result.



-- 
Grant. . . .
unix || die



More information about the Mailman-Users mailing list