Phil Pennock <exim-users@???> (Sa 12 Jun 2010 07:37:09 CEST): > On 2010-06-11 at 23:34 +0200, Heiko Schlittermann wrote:
> > Ian Eiloart <iane@???> (Fr 11 Jun 2010 18:25:45 CEST):
> > > >>Or is this something useful for other Exim users, too?
> > > >
> > > >Could be - in case we have to prove that we didn't change the message
> > > >after reception (the hash has to be signed, of course).
> > > So, why not use the DKIM features?
> >
> > Stupid question maybe: does the DKIM signature include the message body?
> > (I always thought, it's only a signature for selected header fields.)
>
> Yes, it includes the message body; otherwise a spammer could just
> include the headers from a valid message and a new body and pump out
> spam which verifies as coming from an identity that they do not actually
> have administrative control of.
Hm. With a bit more thinking I could have answered myself.
Thus, your proposal sounds promising. If it works as I understand *now*, we can
"abuse" DKIM.
