On 11/16/22 4:46 AM, Greg Troxel wrote:
Can you expand on that?
I'll try.My understanding is that few MUAs test DKIM signatures /client/ /side/. -- The only exception that I'm aware of is that there was a Thunderbird add-on that would test DKIM signatures /client/ /side/. Almost all DKIM /testing/ / /checking/ that I'm aware of is /receiving/ MTA side.
A DKIM failure means that one can't establish that the message came from the domain, and this leads to:
Sure.
decline to apply whitelist_from_dkimperhaps, if one has data that most things with that From: have valid dkim sigs, give it some spam points.
My understanding is that /per/ /RFCs/ a failing DKIM signature is to be treated the same as if there is no DKIM signature.
Or said another way, DKIM is only supposed to be a /positive/ /assertion/ if / when a DKIM signature validation passes. DKIM is supposed to not be negative.
Please correct me if I'm wrong.
in spam filtering andif there is a DMARC policy, and it fails SPF also, file as spam or reject
N.B. DMARC is vastly different from, but still potentially reliant upon DKIM.
Are you saying tht some MTAs outright reject on DKIM failure, in the absence of DMARC?
I have seen evidence of postmasters /mis/configuring their MTAs to behave the /opposite/ /of/ /what/ /RFCs/ /prescribe/.
I did just get a bounce message in reply to a message I sent here, complaining that my message failed DKIM (maybe the list munged it) and SPF (ok; the list is not in general authorized to send mail from my domain) and therefore was being rejected (but I do not currently publish a DMARC policy).
I'm not getting on my what mailing list managers should and should not do horse in this email. ;-)
Not really this topic, but I think mailing lists really need to be set up to not break DKIM.
TL;DR: I believe that mailing list managers are an email terminus; end of my message and the start of a new message substantively based on my message.
The kids all want us to use forums anyway,
It's healthy to want things. It's an indication that you have opinions and are not a sheepeople.
and DKIM-breaking and spam filtering issues, really doesn't help.
I've found that when both email terminus (termini?) behave properly, DKIM is not an issue. At worst, a failing DKIM signature is treated as if the DKIM signature doesn't exist. At best, a passing DKIM signature adds credence to a message / it's source.
Agreed. Really the MUA needs support for a spam-marking header, or to file messages with such headers into a separate mailbox/folder/whatever.
I would assume that any contemporary MUA worth it's disk space does, and has for 10-15 years, understands various spam filter headers asserting status. E.g. Thunderbird has built in support for SpamAssassin, Bogofilter, DSPAM, POPFile, and SpamPal.
-- Grant. . . . unix || die
smime.p7s
Description: S/MIME Cryptographic Signature
