Re: [exim] Rejecting based on domain keys

Top Page
Delete this message
Reply to this message
Author: Marc Perkel
Date:  
To: exim-users
Subject: Re: [exim] Rejecting based on domain keys


Magnus Holmgren wrote:
> On Thursday 29 March 2007 23:27, Marc Perkel wrote:
>
>> If a domain has a policy of signsall=1 and there is no signature - is
>> that good enough to reject the email?
>>
>
> That's up to you if you think that every domain that declares that policy
> actually follows it. Maybe the probability is greater than for domains with
> SPF records ending in "-all".
>
>
>> If a message is signed but result is badsig - can I reject it?
>>
>
> That's up to you, but it's not generally recommended, I believe, as the chance
> is too great that some relay alters the message in a way that breaks the
> signature.
>


I see - so altering the message in any way breaks the signature. I
should probably ignore bad signatures then.