Re: [exim] DKIM in exim: Broken?

Top Page
Delete this message
Reply to this message
Author: Sven Hartge
Date:  
To: exim-users
Subject: Re: [exim] DKIM in exim: Broken?
Phillip Carroll <postmaster@???> wrote:
> On 11/10/2014 4:12 AM, Patrick von der Hagen wrote:


>> I'm curious how you know that those were valid signatures and no changes
>> took place in transit?


> When I asserted I "know" that the bank's emails were signed correctly, I
> admit that assertion was NOT based on actual certain knowledge. Instead,
> it was based on a more heuristic sort of reasoning:


> (c) If then, millions of emails with faulty signatures are being
> sent, how is that no one else has discovered this, or if they have, why
> has an institution with trillions on deposit done nothing to fix the
> problem?


Because, honestly, there are so many false positives concerning DKIM
signatures (mailinglists adding their signature to the body, servers
reencoding subjects, etc.) nobody gives a fsck about this.

I won't find it surprising if Chase's botched DKIM signature has been
going on for some time, somebody (like you) noticed it, sent a mail to
Chase's IT department, got no reply and thought "ah, what the hell" and
that's the end of the story.

If your reasoning is "this is a multi-billion dollar company, the surely
will know what they are doing", then you will have a really bad day,
believe me.

Grüße,


--
Sigmentation fault. Core dumped.