Suresh Ramasubramanian ops.lists at
Wed Feb 19 04:44:25 UTC 2014

I would not advise that.  Plenty of things can render a dkim sig invalid.
 Not all of them are evidences of malice.

You might be well advised to check for a DMARC record (which asserts policy
using a combination of DKIM and SPF) and if there's a reject there, feel
free to trash the email if there's a validation failure.  But not simply
because a DKIM signature breaks.


On Tuesday, February 18, 2014, Private Sender <nobody at> wrote:

> Spamassassin knows the dkim signature is invalid, so there must be a dns
> query that occurs at this point in the message processing.
> If that is the case, there must be someway to configure to reject if the
> dkim signature is invalid.

--srs (iPad)

More information about the NANOG mailing list