Autor: Marc Perkel Fecha: A: exim-users Asunto: Re: [exim] Rejecting based on domain keys
Magnus Holmgren wrote: > On Thursday 29 March 2007 23:27, Marc Perkel wrote:
>
>> If a domain has a policy of signsall=1 and there is no signature - is
>> that good enough to reject the email?
>>
>
> That's up to you if you think that every domain that declares that policy
> actually follows it. Maybe the probability is greater than for domains with
> SPF records ending in "-all".
>
>
>> If a message is signed but result is badsig - can I reject it?
>>
>
> That's up to you, but it's not generally recommended, I believe, as the chance
> is too great that some relay alters the message in a way that breaks the
> signature.
>
I see - so altering the message in any way breaks the signature. I
should probably ignore bad signatures then.