Ralf Hildebrandt via Postfix-users skrev den 2023-05-16 15:20:
* Scott Kitterman via Postfix-users <postfix-users@postfix.org>:
DKIM has no policy mechanism associated with it, so there's no basis
in any standardized mechanism to determine if a DKIM failure should be
cause for rejection. I don't think it makes logical sense to treat a
message with a DKIM signature that failed to verify any more harshly
than you would unsigned mail.
DMARC does have such a policy component. Rejecting mail which fails
DMARC for domains that have a policy of p=reject is common. DMARC
does have a high error rate for some types of email, so I would
recommend a careful evaluation of what you would be rejecting before
you do so.
I always thought DMARC was the policy component for DKIM.
dmarc does not imho use ARC results yet :/
we all are useing unstable unfinished software, take it over to rspamd,
make sure rspamd ARC-seal ARC-sign before mailman see maillist postimgs.
then it works as designed, last thing dont dkim sign if not originating
mails, how many rejects are there on digest maillist ? :=)
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
