DomainKeys and DKIM signing support

Kevin Hansard Kevin.Hansard at ipl.com
Fri Jun 8 10:17:27 IST 2007


> Not yet, no; but it could be.
> Have you got a nice simple short and sweet document describing DKIM,
how 
> it works, what it protects against and why it will stop all spam :-)

Well I am fairly certain it isn't going to stop all spam! Really it is
just another step along the way. It will make it harder to spoof email
addresses in both spam and virus messages. However it won't help that
much when the spammers use botnets.

The FAQ is here http://www.dkim.org/info/dkim-faq.html.
For the full DKIM spec see
http://www.ietf.org/rfc/rfc4871.txt?number=4871.

> Assuming it's based on some checksum/hash function, what text of the 
> message does it use as its input?
> Can you make it just operate on the body and not the headers at all?

The whole message is required including the headers. I would expect that
following all the header and body processing that you already do, but
before you finally unlock the message for delivery you would pass the
whole message into Mail::DKIM and this would return a new DKIM-Signature
header that would need to be added into the message.

> Am I just trying to add DKIM to a message, or do you need me to check
it 
> as well?

I think MailScanner probably only needs to be responsible for signing
messages. Verifying the signatures can already be done by the receiving
daemon or by spamassassin. 


--
Kevin Hansard
www.ipl.com


More information about the MailScanner mailing list