On 2023-09-24, Slavko via Exim-users <exim-users@???> wrote:
> --===============1966052188431819066==
> Content-Type: multipart/signed; boundary="Sig_/lzN9G3ASjGZEv5NTElT3kpN";
> protocol="application/pgp-signature"; micalg=pgp-sha256
>
> --Sig_/lzN9G3ASjGZEv5NTElT3kpN
> Content-Type: text/plain; charset=UTF-8
> Content-Transfer-Encoding: quoted-printable
>
> Ahoj,
>
> D=C5=88a Sat, 23 Sep 2023 11:30:02 +0200 Mario Emmenlauer via Exim-users
><exim-users@???> nap=C3=ADsal:
>
>> I'd like to reject emails that are not sent from a valid DKIM-enabled
>> sender.
>
> Do not do that. Failed DKIM is the same as no DKIM at all (by RFC) and
> here is a lot reasons why legitimate email can have broken DKIM
> signature. By my experiences, all SPAM has either valid or no
> signature...
>
> If you really want that, do it on per domain base. Create DB of "must
> pass" domains and reject those only, but once again, prone to false
> positives...
Such a per-domain database with public sender opt-in exists.
It is called DMARC
--
Jasen.
🇺🇦 Слава Україні
--
## subscription configuration (requires account):
##
https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at
http://www.exim.org/
## Please use the Wiki with this list -
http://wiki.exim.org/