Re: Incoming SMTP in the year 2017 and absence of DKIM

[Grant Taylor via NANOG <nanog () nanog org>]

On 11/29/2017 01:35 PM, Blake Hudson wrote:
> Where DKIM/SPF really help is when there's a failure that indicates a 
> message has been spoofed.

There are other legitimate things that can break DKIM signatures.  I 
have personally seen changes in content type encoding break a DKIM 
signature.

The message was perfectly valid, and only failed DKIM signature validation.

> This is a good indication of phishing and is a 
> justified reason to reject or quarantine a message in the interest of 
> your employees or subscribers.

As much as I would like to be able to safely reject on DKIM Signature 
validation failure, I don't think that it is safe to do so.

> Sometimes these will be config errors, 
> but I feel confident telling the sender to take config issues up with 
> their service provider.

Hopefully this will bring the perceived problem to someone's attention 
who can hypothetically do something to correct it.



--
Grant. . . .
unix || die

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature