Re: [exim] Unsigned messages from DKIM domains

Página superior
Eliminar este mensaje
Responder a este mensaje
Autor: Yves
Fecha:  
A: exim-users
Asunto: Re: [exim] Unsigned messages from DKIM domains
Le 12/01/2017 à 04:10, Richard Clayton a écrit :
> publishing a DKIM key without DMARC is NOT a policy statement !

True.

>> This is no my own designing. That's a public standard. DKIM policies can be
>> published in the DNS as TXT records in several forms:
>
> no -- use of DKIM is not a policy statement ... that's precisely why
> DMARC exists

Yes, but a policy _can_ be put forward in DNS without DMARC; either of
these sets a policy:

_adsp._domainkey.example.org.    86400    IN    TXT    "dkim=all"
_asp._domainkey.example.org.    86400    IN    TXT    "dkim=all"
_domainkey.example.org.        86400    IN    TXT    "o=-\;"


DMARC is better but it is not the only existing solution.

Yves.