John Levine writes:

 > >Spamassassin does not pretend to be a DKIM (or DMARC) policy engine,
 > >so of course it "accepts" weak signatures.  It accepts invalid and
 > >nonexistent signatures, too.
 > 
 > No, it doesn't.  It calls Mail::DKIM to validate the signatures.

Indeed, it validates the signatures.  I should have written "'accept'
and 'reject' are not appropriate for use in discussing SpamAssassin's
processing at the level of message features".

The question I'd like to ask is "how hard would it be to get
SpamAssassin to evaluate the features it knows about (e.g., 'valid DKIM
signature') in conformance with each of the proposals?"

That is, is it possible for SpamAssassin to independently assign a
score (presumably a fairly large negative one) to the specific feature

  - This field is DKIM-Delegate to example.com, AND
  - there is a valid DKIM signature from example.com for the whole
    message body and appropriate headers, AND
  - the DKIM-Delegate field is signed with a valid signature, AND
  - RFC5322.From is aligned with the valid signature on DKIM-Delegate

and other such (complex) features?  Is it more straightforward if
DKIM-Delegate is self-signed as I proposed?  Etc.


_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
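
Added example (not part of the original message, and not SpamAssassin or Mail::DKIM code): one way to evaluate the four-part DKIM-Delegate feature listed above from signature results a verifier has already produced. Assumptions: the DKIM-Delegate value is a bare domain, "appropriate headers" means From, Subject and Date, alignment is relaxed on the last two labels, and the names Sig, delegate_hits and SAMPLE are hypothetical.

```python
from dataclasses import dataclass
from email import message_from_string
from email.utils import parseaddr

@dataclass
class Sig:
    """One DKIM-Signature as already verified by a library such as Mail::DKIM."""
    domain: str              # d= tag
    valid: bool              # cryptographic verification result
    signed: frozenset        # h= tag, lower-cased field names
    whole_body: bool = True  # False when an l= tag limits body coverage

# Assumption: the page does not define "appropriate headers".
REQUIRED = frozenset({"from", "subject", "date"})

def org_domain(name):
    # Simplification: last two labels. Real alignment needs the Public Suffix List.
    return ".".join(name.lower().rstrip(".").split(".")[-2:])

def delegate_hits(raw, sigs):
    """Return the delegate domains for which all four conditions hold."""
    msg = message_from_string(raw)
    froms = msg.get_all("From") or []
    if len(froms) != 1:      # missing or duplicated From: author is ambiguous
        return []
    _, at, author = parseaddr(froms[0])[1].rpartition("@")
    if not at or not author:
        return []
    good = [s for s in sigs if s.valid]
    # Conditions 3 and 4: a valid signature covers DKIM-Delegate and aligns with From.
    field_ok = any("dkim-delegate" in s.signed and
                   org_domain(s.domain) == org_domain(author) for s in good)
    hits = []
    for value in msg.get_all("DKIM-Delegate") or []:
        delegate = value.strip().lower()  # condition 1 (assumed bare-domain syntax)
        # Condition 2: valid delegate signature over the whole body and headers.
        body_ok = any(s.domain.lower() == delegate and s.whole_body and
                      REQUIRED <= s.signed for s in good)
        if field_ok and body_ok:
            hits.append(delegate)
    return hits

# Constructed sample message (not taken from the thread).
SAMPLE = ("From: Alice <alice@news.sender.example>\n"
          "Subject: hello\nDate: Mon, 1 Jan 2024 00:00:00 +0000\n"
          "DKIM-Delegate: esp.example\n\nbody\n")
```

A scoring engine could attach a single weight to a non-empty result instead of scoring each signature separately.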
