[Mailman-Developers] dkim-signature headers

Michael Thomas mat at cisco.com
Wed Feb 7 16:53:27 CET 2007


Joe Peterson wrote:
> With DKIM, according to my understanding, you are supposed to treat a
> "bad" sig the same way you'd treat "no" sig.  So it would neither help
> nor hurt to have a bad signature; it would be like having none (or a
> missing sig).
>
> Personally, I think DKIM would be a whole lot more effective and
> powerful if we *could* treat bad sigs as bad.  Also, I think there is
> danger of people reacting to bad signatures negatively.  Personally, I'd
> eye a failed sig with a more suspicious eye than no sig.
>   

Until, of course, you rejected a piece of mail which had an x-million dollar
deal in it... one thing we found out is that while people hate false negatives,
mail admins *really* hate false positives. The truth of the matter is that shit
happens in the mail system and overreacting based on single factors is a
great recipe for generating lots of false positives. As an individual decision
you can set your own tolerance level, but you quickly become a lot
more conservative if you're doing it at a (large) group level.

       Mike

