DKIM

Michael H. Warfield mhw at WittsEnd.com
Tue Aug 11 15:41:01 IST 2009 

On Tue, 2009-08-11 at 09:13 -0400, Rick Cooper wrote:
> ----Original Message----
> From: mailscanner-bounces at lists.mailscanner.info
> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of --[ UxBoD
> ]-- Sent: Monday, August 10, 2009 12:49 PM To:
> mailscanner at lists.mailscanner.info Subject: DKIM
> 
> > Has anybody used http://dkimproxy.sourceforge.net/ with MS for signing
> > emails ? or do you do this at MTA level ? 
> > 
> > Best Regards,
> > 
> > 
> > --
> > This message has been scanned for viruses and
> > dangerous content and is believed to be clean.
> > 
> > SplatNIX IT Services :: Innovation through collaboration
> > 
> > --
> > MailScanner mailing list
> > mailscanner at lists.mailscanner.info
> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> > 
> > Before posting, read http://wiki.mailscanner.info/posting
> > 
> > Support MailScanner development - buy the book off the website!

> Must be signed by the last entity to touch it or the signature would be
> invalid

	Not really, although I guess that partly depends on what you mean by
"to touch it".  That's actually touted as the bigest advantage of DKIM
over SPF.  DKIM can even work through mailing lists without any extra
tricks.  The signatures are on certain message attributes which should
not be tampered with by an MTA or other intermediary and should remain
invariant from MUA to MUA.  There is even an option for either "simple"
verification (strict) or a more relaxed verification that uses message
canonicalization (normalize line endings, white space, word wrapping,
header wrapping) to deal with some levels of non-compliant modification.
It's far FAR more forgiving than, say, PGP/Mime in that regard.  Even
MailScanner can break PGP/Mime if you have certain options turned on and
it rewrites the Mime structure (refer to discussions on this list a few
years back about that one).

> Rick

	Mike
-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471        | possible worlds.  A pessimist is sure of it!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 307 bytes
Desc: This is a digitally signed message part
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090811/bf5f6dbd/attachment.bin

More information about the MailScanner mailing list