With DKIM, according to my understanding, you are supposed to treat a "bad" sig the same way you'd treat "no" sig. So it would neither help nor hurt to have a bad signature; it would be like having none (or a missing sig).
Personally, I think DKIM would be a whole lot more effective and powerful if we *could* treat bad sigs as bad. Also, I think there is danger of people reacting to bad signatures negatively. Personally, I'd eye a failed sig with a more suspicious eye than no sig.

-Joe

Bob Puff wrote:
> I confess not having read up on Domain Keys.. I did get into SPF a little, but
> understand its flaws as well.
>
> If a bad DK isn't bad, then how is this supposed to help spam? I mean, if the
> mere presence of some signature in the headers will increase the likelihood of
> an email being delivered (or at least help it NOT be tagged as spam), surely
> the spammers will pick up on this, and the whole benefit lost.
>
> Example:
>
> Spammer takes a legit message from a DK sender, replaces it with his spam, and
> blasts it out with the original DK headers. The message has obviously been
> altered, and contains spam. Would it not be right to reject this message,
> since it fails the DK check?
>
> Now if the DK verification were done on the input side to Mailman (that is, in
> the MTA), I can see a benefit. But even in that scenario, unless Mailman is
> signing, I'd think removal of the DK headers would be the right thing to do.
>
> Bob
>

_______________________________________________
Mailman-Developers mailing list
Mailman-Developers@python.org
http://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/archive%40jab.org
Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp
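The scenario discussed in this message (a replaced body sent under the original signature header), as an added example that is not part of the original thread and not Mailman code. It checks only the DKIM body hash (`bh=`) for `rsa-sha256` with simple body canonicalization; the header signature (`b=`) and DNS key lookup are out of scope, and the sample messages, domain and function names are constructed for illustration.

```python
import base64
import hashlib
import re

def parse_tags(sig_header):
    """Split a DKIM-Signature tag=value list into a dict (folding whitespace removed)."""
    tags = {}
    for part in sig_header.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags

def canon_body_simple(body):
    """'simple' body canonicalization: drop trailing empty lines, end with one CRLF."""
    return re.sub(rb"(\r\n)+\Z", b"", body) + b"\r\n"

def body_hash(body):
    digest = hashlib.sha256(canon_body_simple(body)).digest()
    return base64.b64encode(digest).decode()

def body_hash_status(sig_header, body):
    """Return 'none', 'pass' or 'fail' for the bh= step only."""
    if not sig_header:
        return "none"
    tags = parse_tags(sig_header)
    canon = tags.get("c", "simple/simple").split("/")
    body_alg = canon[1] if len(canon) > 1 else "simple"
    if tags.get("a") != "rsa-sha256" or body_alg != "simple":
        raise ValueError("this sketch handles rsa-sha256 with simple body only")
    return "pass" if tags.get("bh") == body_hash(body) else "fail"

def handling(status):
    """The reading given above: a failed signature is handled like a missing one."""
    return "signed" if status == "pass" else "unsigned"

# Constructed sample data: one original body, one replaced body, one header.
ORIGINAL = b"The meeting moved to 3pm.\r\n"
REPLACED = b"Unrelated bulk advertisement.\r\n"
SIG = ("v=1; a=rsa-sha256; c=simple/simple; d=example.org; s=sel1;\r\n"
       " h=from:subject; bh=" + body_hash(ORIGINAL) + "; b=PLACEHOLDER")

if __name__ == "__main__":
    for label, sig, body in [("original", SIG, ORIGINAL),
                             ("replaced body", SIG, REPLACED),
                             ("no signature", None, REPLACED)]:
        status = body_hash_status(sig, body)
        print(f"{label:14} status={status:5} handled as {handling(status)}")
```

The replaced body and the unsigned message come out with different statuses but the same handling, which is the behaviour the two posters are arguing over.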