nanog mailing list archives
Re: Incoming SMTP in the year 2017 and absence of DKIM
From: Grant Taylor via NANOG <nanog () nanog org>
Date: Wed, 29 Nov 2017 12:53:01 -0700
On 11/29/2017 11:33 AM, Michael Thomas wrote:
> A broken DKIM signature is indistinguishable from a lack of a signature header.
I'll argue that it's possible to distinguish between the two. *However* the DKIM standard states that you should treat a broken DKIM signature the same as no DKIM signature.
I've come to understand DKIM to be proof /positive/, as in trust something when there is a DKIM signature -and- it validates. Everything else defaults to neutral, NOT /negative/.
> It's possible that as a heuristic you might be able to divine something from lack of signature and the existence of selectors for a domain, but afaik there isn't an easy way to query for all of the dkim selectors for a domain, and even if there were it would be a pretty sketchy heuristic, is my bet.
Not being able to tell if DKIM is in use has been a long standing annoyance of mine.
That being said, I think it could be trivial to query for DMARC records and deduce things from the existence of the "adkim" option. If it's there and set to reject, then there really should be a DKIM-Signature header for the message.
-- Grant. . . . unix || die
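
Added example, not part of the original post: a sketch of the DMARC-based heuristic discussed above, which checks whether a message carries a DKIM-Signature header and reads the From domain's DMARC record to decide whether a missing signature is worth flagging. The function names, the finding labels and the sample message and record are constructed for illustration; the TXT record is passed in as a string (assumed to have been fetched from `_dmarc.<domain>`), and in RFC 7489 the policy lives in the `p` tag while `adkim` is the DKIM alignment mode (`r` or `s`).

```python
from email import message_from_string
from email.utils import parseaddr

def parse_dmarc(txt):
    """Parse a DMARC TXT record into a tag dict; None if it is not a DMARC record."""
    tags = {}
    for part in (txt or "").split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags if tags.get("v") == "DMARC1" else None

def dkim_expectation(raw_message, dmarc_txt):
    """Report whether an unsigned message comes from a domain with an enforcing policy."""
    msg = message_from_string(raw_message)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    signed = bool(msg.get_all("DKIM-Signature"))
    tags = parse_dmarc(dmarc_txt)
    policy = tags.get("p", "none").lower() if tags else None
    adkim = tags.get("adkim", "r").lower() if tags else None  # default is relaxed
    if signed:
        # Presence only; a signature that fails verification is treated as no signature.
        finding = "signature-present"
    elif policy in ("quarantine", "reject"):
        # A hint, not proof: DMARC can also pass on aligned SPF alone.
        finding = "unsigned-under-enforcing-policy"
    else:
        finding = "no-signal"
    return {"domain": domain, "signed": signed, "policy": policy,
            "adkim": adkim, "finding": finding}

# Constructed sample inputs (not taken from the thread).
MSG_UNSIGNED = "From: Alice <alice@example.com>\nTo: bob@example.net\nSubject: hi\n\nbody\n"
MSG_SIGNED = ("DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel1; b=CONSTRUCTED\n"
              + MSG_UNSIGNED)
DMARC_TXT = "v=DMARC1; p=reject; adkim=s; rua=mailto:dmarc@example.com"

if __name__ == "__main__":
    print(dkim_expectation(MSG_UNSIGNED, DMARC_TXT))
    print(dkim_expectation(MSG_SIGNED, DMARC_TXT))
```
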