On 2012-11-20 22:20, Steve Scotter wrote:
> I'd love to but opendkim doesn't appear (on first glance) to have the
> ability to do that. Will look into that.

Then you probably shouldn't let opendkim reject mails at all, if it cannot do that.

>> But rejecting on a bad DKIM signature alone is simply not something someone should
>> ever do.
> Just to clarify, are you suggesting that rejecting a DKIM signed email from
> a domain with an ADSP record of "dkim=discardable" still shouldn't be rejected?

I assume you mean "... given that the signature is bad or absent".

Yes, I would recommend to ignore ADSP completely, and instead use DMARC. And then optionally detect traffic from known mailing lists and accept those regardless of a p=quarantine or p=reject status from dmarc. But that's still being hotly debated in the dmarc community.

That said, there's only recently public software available to verify dmarc signatures and generate the necessary reports, implementing that on a home mail gateway is probably a lot of work. The DMARC standard is only a draft, and might change.

And of course every admin is free to choose whatever he or she likes. But ADSP doesn't appear to be getting a lot of leverage, and if dmarc does take off, ADSP will be obsolete.

-- 
Jan-Pieter Cornet
SSL is only keeping your connection safe from hackers, crooks and three letter agencies by the least secured, least likely to refuse money from strangers, and least bullying-proof of several hundred companies worldwide.
_______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
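
The policy recommended in the message above (never act on a bad DKIM signature alone, apply the sender's DMARC policy, optionally exempt known mailing lists), sketched as an added example that is not part of the original post and not opendkim code. The names Verdict, disposition and KNOWN_LISTS are hypothetical, the list entry is constructed, and alignment is simplified to an exact domain match.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample: List-Id values this gateway's admin chose to exempt.
# List-Id is set by the sender, so a real deployment should also pin the
# exemption to the list server's connecting IP or its own DKIM d= domain.
KNOWN_LISTS = {"users.lists.example.org"}

@dataclass
class Verdict:
    from_domain: str                  # domain of the From: header
    dkim_pass_domain: Optional[str]   # d= of a signature that verified, else None
    spf_pass_domain: Optional[str]    # MAIL FROM domain that passed SPF, else None
    dmarc_policy: Optional[str]       # "none", "quarantine", "reject"; None = no record
    list_id: Optional[str] = None     # List-Id header value, if present

def aligned(auth_domain: Optional[str], from_domain: str) -> bool:
    # Simplification (assumption): strict alignment only. Relaxed alignment
    # compares organizational domains and needs a public suffix list.
    return auth_domain is not None and auth_domain.lower() == from_domain.lower()

def dmarc_pass(v: Verdict) -> bool:
    # DMARC passes when either mechanism passes AND aligns with From:.
    return aligned(v.dkim_pass_domain, v.from_domain) or \
           aligned(v.spf_pass_domain, v.from_domain)

def disposition(v: Verdict) -> str:
    if v.dmarc_policy is None:
        # No DMARC record: a bad or absent DKIM signature alone is not
        # grounds for rejection, and ADSP is ignored entirely.
        return "accept"
    if dmarc_pass(v):
        return "accept"
    if v.list_id and v.list_id.lower() in KNOWN_LISTS:
        # Known mailing list: accept regardless of p=quarantine / p=reject.
        return "accept"
    return {"quarantine": "quarantine", "reject": "reject"}.get(v.dmarc_policy, "accept")

if __name__ == "__main__":
    # Constructed message: signature broken by a list footer, sender publishes p=reject.
    msg = Verdict("example.com", None, "lists.example.org", "reject",
                  list_id="users.lists.example.org")
    print(disposition(msg))
```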