John Levine writes:

> >Spamassassin does not pretend to be a DKIM (or DMARC) policy engine,
> >so of course it "accepts" weak signatures. It accepts invalid and
> >nonexistent signatures, too.
>
> No, it doesn't. It calls Mail::DKIM to validate the signatures.

Indeed, it validates the signatures. I should have written "'accept' and 'reject' are not appropriate for use in discussing SpamAssassin's processing at the level of message features".

The question I'd like to ask is "how hard would it be to get SpamAssassin to evaluate the features it knows about (e.g., 'valid DKIM signature') in conformance with each of the proposals?" That is, is it possible for SpamAssassin to independently assign a score (presumably a fairly large negative one) to the specific feature

- This field is DKIM-Delegate to example.com, AND
- there is a valid DKIM signature from example.com for the whole message body and appropriate headers, AND
- the DKIM-Delegate field is signed with a valid signature, AND
- RFC5322.From is aligned with the valid signature on DKIM-Delegate

and other such (complex) features? Is it more straightforward if DKIM-Delegate is self-signed as I proposed? Etc.