Robert Wysocki wrote, on 26.04.2012 13:07:
> Hi there,
>
> I'm trying to achieve configuration that would verify DKIM signatures
> for known signers.
> Everything works fine until envelope-from address is one of known
> signers. But many spams have envelope-from set differently than From:
> header, eg. injectingy472@??? in envelope-from and
> something@??? in From: header.
> This enables them to bypass DKIM signature checks and therefor to bypass
> one of the anti-spam mechanisms.
DKIM has no relation to envelope from. DKIM signs and protects the From:
header (and others). Using envelope from for anything related to DKIM can only
produce false positives, eg. common forwards.
Greetings, Wolfgang
--
Wolfgang Breyha <wbreyha@???> |
http://www.blafasel.at/
Vienna University Computer Center | Austria
