Incoming SMTP in the year 2017 and absence of DKIM

Grant Taylor gtaylor at tnetconsulting.net
Wed Nov 29 20:48:25 CST 2017


On 11/29/2017 01:35 PM, Blake Hudson wrote:
> Where DKIM/SPF really help is when there's a failure that indicates a 
> message has been spoofed.

There are other legitimate things that can break DKIM signatures.  I 
have personally seen changes in content type encoding break a DKIM 
signature.

The message was perfectly valid, and only failed DKIM signature validation.

> This is a good indication of phishing and is a 
> justified reason to reject or quarantine a message in the interest of 
> your employees or subscribers.

As much as I would like to be able to safely reject on DKIM Signature 
validation failure, I don't think that it is safe to do so.

> Sometimes these will be config errors, 
> but I feel confident telling the sender to take config issues up with 
> their service provider.

Hopefully this will bring the perceived problem to someone's attention 
who can hypothetically do something to correct it.



-- 
Grant. . . .
unix || die

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3982 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20171129/34216623/attachment.bin>


More information about the NANOG mailing list