* Scott Kitterman via Postfix-users <postfix-users@postfix.org>: > DKIM has no policy mechanism associated with it, so there's no basis in any > standardized mechanism to determine if a DKIM failure should be cause for > rejection. I don't think it makes logical sense to treat a message with a > DKIM signature that failed to verify any more harshly than you would unsigned > mail. > > DMARC does have such a policy component. Rejecting mail which fails DMARC > for domains that have a policy of p=reject is common. DMARC does have a high > error rate for some types of email, so I would recommend a careful evaluation > of what you would be rejecting before you do so.
I always thought DMARC was the policy component for DKIM. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | https://www.charite.de _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
