Hi! > On 2024-08-14, Jeremy Harris via Exim-users <exim-users@lists.exim.org> wrote: > > On 14/08/2024 15:27, Kurt Jaeger via Exim-users wrote: > >> So: user1@domain1 has an autoreply, and the autoreply > >> should be signed with dkim for domain1. > > > > I do not agree. > > The DKIM RFC says that anyone can sign a message. > > Yes, but it also says very clearly that it's up to the Identity > Assessor to decide what, if any, trust to place in a message signed by > a domain that is not aligned to the From: header (or other header). > > The obvious assessment to make is that it is a forgery signed by the > forger, unless you have particular knowledge of a trust connection > between the originating domain and the signing domain.
Thanks, that's a good point. I guess the trust connection would come from the source IP that also is part of the SPF record of the email, which is much more difficult to check. -- p...@opsec.eu +49 171 3101372 Now what ? -- ## subscription configuration (requires account): ## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/ ## unsubscribe (doesn't require an account): ## exim-users-unsubscr...@lists.exim.org ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
