On 2010-06-11 at 23:34 +0200, Heiko Schlittermann wrote: > Ian Eiloart <iane@???> (Fr 11 Jun 2010 18:25:45 CEST):
> > >>Or is this something useful for other Exim users, too?
> > >
> > >Could be - in case we have to prove that we didn't change the message
> > >after reception (the hash has to be signed, of course).
> > So, why not use the DKIM features?
>
> Stupid question maybe: does the DKIM signature include the message body?
> (I always thought, it's only a signature for selected header fields.)
Yes, it includes the message body; otherwise a spammer could just
include the headers from a valid message and a new body and pump out
spam which verifies as coming from an identity that they do not actually
have administrative control of.
DKIM contains two ways of forming the message body, for signing
purposes, and optionally lets you only sign the first 'l' bytes of the
body. So you could theoretically use l=0 but at this time I can't
conceive of a scenario where that would be wise.
