On Wed, Aug 14, 2024 at 08:25:30PM +0100, Julian Bradfield via Exim-users wrote:
> > I do not agree.
> >
> > The DKIM RFC says that anyone can sign a message.
>
> Yes, but it also says very clearly that it's up to the Identity
> Assessor to decide what, if any, trust to place in a message signed by
> a domain that is not aligned to the From: header (or other header).
>
> The obvious assessment to make is that it is a forgery signed by the
> forger, unless you have particular knowledge of a trust connection
> between the originating domain and the signing domain.

No. Alignment, etc., is DMARC not DKIM. Absent a DMARC policy for the
"From:" domain, the DKIM signature allows the receiving system to use
the "d=" value as a key into a reputation system, but questions of
"forgery" do not arise.

--
    Viktor.