Nov 16, 2022, 5:01 AM
Post #16 of 21
(1066 views)
Permalink
On 11/16/22 4:46 AM, Greg Troxel wrote:
> Can you expand on that?
I'll try.
My understanding is that few MUAs test DKIM signatures /client/ /side/.
-- The only exception that I'm aware of is that there was a Thunderbird
add-on that would test DKIM signatures /client/ /side/. Almost all DKIM
/testing/ / /checking/ that I'm aware of is /receiving/ MTA side.
> A DKIM failure means that one can't establish that the message came
> from the domain, and this leads to:
Sure.
> decline to apply whitelist_from_dkim
>
> perhaps, if one has data that most things with that From: have valid
> dkim sigs, give it some spam points.
My understanding is that /per/ /RFCs/ a failing DKIM signature is to be
treated the same as if there is no DKIM signature.
Or said another way, DKIM is only supposed to be a /positive/
/assertion/ if / when a DKIM signature validation passes. DKIM is
supposed to not be negative.
Please correct me if I'm wrong.
> in spam filtering and
>
> if there is a DMARC policy, and it fails SPF also, file as spam
> or reject
N.B. DMARC is vastly different from, but still potentially reliant upon
DKIM.
> Are you saying tht some MTAs outright reject on DKIM failure, in the
> absence of DMARC?
I have seen evidence of postmasters /mis/configuring their MTAs to
behave the /opposite/ /of/ /what/ /RFCs/ /prescribe/.
> I did just get a bounce message in reply to a message I sent here,
> complaining that my message failed DKIM (maybe the list munged it)
> and SPF (ok; the list is not in general authorized to send mail from
> my domain) and therefore was being rejected (but I do not currently
> publish a DMARC policy).
I'm not getting on my what mailing list managers should and should not
do horse in this email. ;-)
> Not really this topic, but I think mailing lists really need to be
> set up to not break DKIM.
TL;DR: I believe that mailing list managers are an email terminus; end
of my message and the start of a new message substantively based on my
message.
> The kids all want us to use forums anyway,
It's healthy to want things. It's an indication that you have opinions
and are not a sheepeople.
> and DKIM-breaking and spam filtering issues, really doesn't help.
I've found that when both email terminus (termini?) behave properly,
DKIM is not an issue. At worst, a failing DKIM signature is treated as
if the DKIM signature doesn't exist. At best, a passing DKIM signature
adds credence to a message / it's source.
> Agreed. Really the MUA needs support for a spam-marking
> header, or to file messages with such headers into a separate
> mailbox/folder/whatever.
I would assume that any contemporary MUA worth it's disk space does, and
has for 10-15 years, understands various spam filter headers asserting
status. E.g. Thunderbird has built in support for SpamAssassin,
Bogofilter, DSPAM, POPFile, and SpamPal.
--
Grant. . . .
unix || die