Incoming SMTP in the year 2017 and absence of DKIM
gtaylor at tnetconsulting.net
Wed Nov 29 20:48:25 UTC 2017
On 11/29/2017 01:35 PM, Blake Hudson wrote:
> Where DKIM/SPF really help is when there's a failure that indicates a
> message has been spoofed.
There are other legitimate things that can break DKIM signatures. I
have personally seen changes in content type encoding break a DKIM
The message was perfectly valid, and only failed DKIM signature validation.
> This is a good indication of phishing and is a
> justified reason to reject or quarantine a message in the interest of
> your employees or subscribers.
As much as I would like to be able to safely reject on DKIM Signature
validation failure, I don't think that it is safe to do so.
> Sometimes these will be config errors,
> but I feel confident telling the sender to take config issues up with
> their service provider.
Hopefully this will bring the perceived problem to someone's attention
who can hypothetically do something to correct it.
Grant. . . .
unix || die
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 3982 bytes
Desc: S/MIME Cryptographic Signature
More information about the NANOG