[169221] in North American Network Operators' Group
Re: spamassassin
daemon@ATHENA.MIT.EDU (Suresh Ramasubramanian)
Tue Feb 18 23:44:49 2014
In-Reply-To: <53042CB6.60304@snovc.com>
Date: Tue, 18 Feb 2014 20:44:25 -0800
From: Suresh Ramasubramanian <ops.lists@gmail.com>
To: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
I would not advise that. Plenty of things can render a dkim sig invalid.
Not all of them are evidences of malice.
You might be well advised to check for a DMARC record (which asserts policy
using a combination of DKIM and SPF) and if there's a reject there, feel
free to trash the email if there's a validation failure. But not simply
because a DKIM signature breaks.
--srs
On Tuesday, February 18, 2014, Private Sender <nobody@snovc.com> wrote:
> Spamassassin knows the dkim signature is invalid, so there must be a dns
> query that occurs at this point in the message processing.
>
> If that is the case, there must be someway to configure to reject if the
> dkim signature is invalid.
>
>
--
--srs (iPad)
