bill.ox...@cox.com wrote:
> 50% of the spam we see is RFC compliant DKIM signed, DKIM isn't the issue in 
> your example, it's the operator and how they determine reputation


Please read what was said.

    No Signature, Double From ---> Trapped/rejected by mipassoc.org
    DKIM signed Double From  ----> Accepted, Resigned by mipassoc.org

If mipassoc.org is going to be an "example" of many systems, then we have 
an unfortunate problem until current systems are updated to prevent the 
DKIM loophole for what are otherwise RFC5322 checking systems.

What it means for most systems is that they need to change a model based 
on this:

      CHECK DKIM     ---- PASS  --> ACCEPT
      CHECK RFC5322  ---- BAD   --> REJECT
      BREAK
      RESIGN
      DISTRIBUTE

To this:

      CHECK RFC5322  ---- BAD   --> REJECT
      CHECK DKIM     ---- PASS  --> ACCEPT
      BREAK
      RESIGN
      DISTRIBUTE

-- 
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com


_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
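
The two check orders from the message above, as an added example that is not part of the original post or of any list software. The function names are hypothetical, `dkim_ok` stands for the result of a DKIM verifier that is not shown, and the header count limits are those of RFC 5322 section 3.6.

```python
from email import message_from_string

# RFC 5322 section 3.6: (min, max) occurrences allowed per header field.
LIMITS = {
    "date": (1, 1), "from": (1, 1), "sender": (0, 1), "reply-to": (0, 1),
    "to": (0, 1), "cc": (0, 1), "bcc": (0, 1), "message-id": (0, 1),
    "in-reply-to": (0, 1), "references": (0, 1), "subject": (0, 1),
}

def rfc5322_violations(raw):
    """Return one description per header field outside its allowed count."""
    msg = message_from_string(raw)
    problems = []
    for name, (lo, hi) in LIMITS.items():
        n = len(msg.get_all(name, []))
        if not lo <= n <= hi:
            problems.append(f"{name}: {n} occurrence(s), allowed {lo}..{hi}")
    return problems

def old_model(raw, dkim_ok):
    """DKIM first: a passing signature accepts before the format check runs."""
    if dkim_ok:
        return ("ACCEPT", "dkim pass")
    bad = rfc5322_violations(raw)
    return ("REJECT", bad[0]) if bad else ("ACCEPT", "unsigned, well-formed")

def new_model(raw, dkim_ok):
    """RFC 5322 first: malformed mail is rejected whatever DKIM says."""
    bad = rfc5322_violations(raw)
    if bad:
        return ("REJECT", bad[0])
    return ("ACCEPT", "dkim pass" if dkim_ok else "unsigned, well-formed")

# Constructed sample messages (not taken from the thread).
DOUBLE_FROM = (
    "Date: Mon, 01 Jan 2024 00:00:00 +0000\n"
    "From: first@example.org\n"
    "From: second@example.net\n"
    "Subject: test\n"
    "\n"
    "body\n"
)
CLEAN = DOUBLE_FROM.replace("From: second@example.net\n", "")

if __name__ == "__main__":
    for label, raw in (("double From", DOUBLE_FROM), ("clean", CLEAN)):
        for signed in (True, False):
            print(label, "dkim_ok=%s" % signed,
                  "old:", old_model(raw, signed), "new:", new_model(raw, signed))
```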
