https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6895
--- Comment #7 from John Hardin <[email protected]> ---
(In reply to comment #6)
> > Question: would (DKIM_SIGNED && !DKIM_VALID) be a reasonable test to detect
> > such, or would that hit on properly-formed-but-invalid DKIM signatures as
> > well, which would make it a less-useful test?
>
> Indeed, it would not differentiate between various failure reasons, some
> of which may be due to recipient's mail path (mangling mailers, fetchmail,
> mailbox or MUA mangling, DNS failures, mail redirecting or mailing lists),
> some due to sender's broken setup or infrastructure.

Yeah.

> The real value of DKIM is for whitelisting purposes (or negative score
> points) when a signature is valid and belongs to a trustworthy domain
> (reputation). I think assigning spam score points to failed signatures
> is too risky due to false positive opportunities - maybe worth a small
> fraction of a score point, too risky for more.

I'm not interested so much in failed signatures as _malformed_ signatures. That may be a useful spam sign, just as an SPF record that says "the entire internet is a valid mail source for this domain" may be a useful spam sign.

> > It would be best to detect malformed vs. properly-formed in the plugin
> > and expose an eval for that, is that easy to do?
>
> Maybe. Currently all the parsing is hidden in the Mail::DKIM module,
> so we have no access to it, and re-doing it in SpamAssassin is probably
> not worth the effort.

It might be as simple as to catch and remember some of those undefined variable results you just coded around (lines 667 and 822, perhaps) and expose them as a boolean eval (DKIM_MALFORMED, perhaps) that's true if any of those occurred.

-- 
You are receiving this mail because:
You are the assignee for the bug.
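The distinction drawn in this comment, malformed versus properly-formed-but-invalid, can be made from the header text alone. The sketch below is an added example, not SpamAssassin or Mail::DKIM code. The function name `dkim_structure_problems` and the sample headers are hypothetical, and the checks assume the tag-list syntax and required tags of RFC 6376.

```python
import re

# Tags RFC 6376 section 3.5 marks REQUIRED in a DKIM-Signature header field.
REQUIRED_TAGS = ("v", "a", "b", "bh", "d", "h", "s")
TAG_NAME = re.compile(r"^[A-Za-z][A-Za-z0-9_]*$")
BASE64 = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")

# Constructed sample header values (not taken from real mail).
WELL_FORMED = (
    "v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=sel1;\r\n"
    "\th=from:to:subject:date; bh=47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=;\r\n"
    "\tb=dGVzdHNpZ25hdHVyZQ==")
MALFORMED = "v=1; a=rsa-sha256; d=example.com; d=example.net; h=to:subject; b=***"


def dkim_structure_problems(header_value):
    """Return structural defects only; no DNS lookup or crypto is performed."""
    problems, tags = [], {}
    unfolded = re.sub(r"\r?\n[ \t]+", " ", header_value).strip()
    specs = unfolded.split(";")
    if specs and not specs[-1].strip():
        specs.pop()  # one trailing ";" is permitted by the tag-list grammar
    for spec in specs:
        name, sep, value = spec.partition("=")
        name = name.strip()
        if not sep or not TAG_NAME.match(name):
            problems.append("bad tag-spec: %r" % spec.strip())
        elif name in tags:  # duplicated tags invalidate the whole tag-list
            problems.append("duplicate tag: " + name)
        else:
            tags[name] = value.strip()
    for name in REQUIRED_TAGS:
        if name not in tags:
            problems.append("missing required tag: " + name)
    if "v" in tags and tags["v"] != "1":
        problems.append("unsupported version: " + tags["v"])
    for name in ("b", "bh"):  # absent tags were already reported above
        data = re.sub(r"\s+", "", tags.get(name, "A"))
        if not BASE64.match(data):
            problems.append("tag %s is not base64" % name)
    signed = [h.strip().lower() for h in tags.get("h", "from").split(":")]
    if "from" not in signed:  # signers must include From in h=
        problems.append("h= does not cover From")
    return problems
```

An empty result means only that the header is structurally sound; such a signature can still fail verification for any of the mail-path reasons listed in the quoted comment #6.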
