> > Your plan, as I understand it, was that verifiers will ignore a > > signature that is too weak. One might argue clients that accept weak > > signatures are already broken, but in that case there are an awful lot > > of broken clients, starting with spamassassin. (I just checked.) > >Spamassassin does not pretend to be a DKIM (or DMARC) policy engine, >so of course it "accepts" weak signatures. It accepts invalid and >nonexistent signatures, too.
No, it doesn't. It calls Mail::DKIM to validate the signatures. R's, John _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
