Phillip Carroll <[email protected]> wrote: > On 11/10/2014 4:12 AM, Patrick von der Hagen wrote:
>> I'm curious how you know that those were valid signatures and no changes >> took place in transit? > When I asserted I "know" that the bank's emails were signed correctly, I > admit that assertion was NOT based on actual certain knowledge. Instead, > it was based on a more heuristic sort of reasoning: > (c) If then, millions of emails with faulty signatures are being > sent, how is that no one else has discovered this, or if they have, why > has an institution with trillions on deposit done nothing to fix the > problem? Because, honestly, there are so many false positives concerning DKIM signatures (mailinglists adding their signature to the body, servers reencoding subjects, etc.) nobody gives a fsck about this. I won't find it surprising if Chase's botched DKIM signature has been going on for some time, somebody (like you) noticed it, sent a mail to Chase's IT department, got no reply and thought "ah, what the hell" and that's the end of the story. If your reasoning is "this is a multi-billion dollar company, the surely will know what they are doing", then you will have a really bad day, believe me. Grüße, S° -- Sigmentation fault. Core dumped. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
