Hello Phil, Phil Pennock <[email protected]> (Sa 12 Jun 2010 07:37:09 CEST): > On 2010-06-11 at 23:34 +0200, Heiko Schlittermann wrote: > > Ian Eiloart <[email protected]> (Fr 11 Jun 2010 18:25:45 CEST): > > > >>Or is this something useful for other Exim users, too? > > > > > > > >Could be - in case we have to prove that we didn't change the message > > > >after reception (the hash has to be signed, of course). > > > So, why not use the DKIM features? > > > > Stupid question maybe: does the DKIM signature include the message body? > > (I always thought, it's only a signature for selected header fields.) > > Yes, it includes the message body; otherwise a spammer could just > include the headers from a valid message and a new body and pump out > spam which verifies as coming from an identity that they do not actually > have administrative control of.
Hm. With a bit more thinking I could have answered myself. Thus, your proposal sounds promising. If it works as I understand *now*, we can "abuse" DKIM. Thank you. -- Heiko
signature.asc
Description: Digital signature
-- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
