[exim] Experiences with RFC 8301 (DKIM)

Página superior
Eliminar este mensaje
Responder a este mensaje
Autor: Yves Goergen
Fecha:  
A: Yves Goergen via Exim-users
Asunto: [exim] Experiences with RFC 8301 (DKIM)
Hello,

I've set up my mail server with Exim so that it obeys the restrictions
in RFC 8301. That means that DKIM signatures with SHA-1 hashing or keys
shorter than 1024 bit are rejected. Also, other messages with invalid or
mismatching signatures are rejected.

That causes a bit of trouble because many mail servers out there seem to
be sending out messages with outdated, invalid or broken DKIM
signatures. That leads to those messages being rejected when they should
actually be delivered.

Is DKIM usage so broken beyond repair that I should instead completely
ignore it? Among those broken servers are eBay (none of their messages
appears here), several mailing lists (not sure if it's also this one)
and other companies who should be serious about digital security (but
may not have digital expertise themselves).

What are your experiences with DKIM validation and especially that RFC
8301? I'd like to know how to proceed with this. Currently I'm
explaining my mailbox users that the senders' mail server configuration
is broken and needs repair. But not everybody accepts that.

-Yves (please CC me when replying)