Hello,

I've set up my mail server with Exim so that it obeys the restrictions in RFC 8301. That means that DKIM signatures with SHA-1 hashing or keys shorter than 1024 bits are rejected. Also, other messages with invalid or mismatching signatures are rejected.

That causes a bit of trouble because many mail servers out there seem to be sending out messages with outdated, invalid or broken DKIM signatures. That leads to those messages being rejected when they should actually be delivered.

Is DKIM usage so broken beyond repair that I should instead completely ignore it? Among those broken servers are eBay (none of their messages appears here), several mailing lists (not sure if it's also this one) and other companies who should be serious about digital security (but may not have digital expertise themselves).

What are your experiences with DKIM validation and especially that RFC 8301? I'd like to know how to proceed with this. Currently I'm explaining to my mailbox users that the senders' mail server configuration is broken and needs repair. But not everybody accepts that.

-Yves (please CC me when replying)

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
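
The RFC 8301 restrictions described in the message above (no SHA-1, no RSA keys under 1024 bits), as an added example that is not part of the original post and is not Exim code: a Python check that separates "rejected by policy" from "needs cryptographic verification" for a DKIM-Signature header. The function names, the sample headers and the `key_bits` parameter (the key size the verifier read from the DNS key record) are assumptions made for the illustration.

```python
import re

WEAK_ALGOS = {"rsa-sha1"}   # RFC 8301: MUST NOT be used for signing or verifying
MIN_RSA_BITS = 1024         # RFC 8301: shorter RSA keys are not valid signatures

def parse_tag_list(header_value):
    """Parse an RFC 6376 tag=value list, tolerating folded header lines."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", header_value)
    tags = {}
    for part in unfolded.split(";"):
        if "=" not in part:
            continue                      # empty segment after a trailing ';'
        name, value = part.split("=", 1)  # base64 values may contain '='
        name = name.strip()
        if name in tags:
            raise ValueError("duplicate tag: " + name)
        tags[name] = value.strip()
    return tags

def rfc8301_policy(header_value, key_bits):
    """Return (verdict, reason) before any signature maths is attempted."""
    try:
        tags = parse_tag_list(header_value)
    except ValueError as exc:
        return ("permfail", str(exc))
    algo = tags.get("a", "").lower()
    if not algo:
        return ("permfail", "missing a= tag")
    if algo in WEAK_ALGOS:
        return ("permfail", "historic algorithm " + algo)
    if algo.startswith("rsa-") and key_bits < MIN_RSA_BITS:
        return ("permfail", "RSA key of %d bits is below %d" % (key_bits, MIN_RSA_BITS))
    return ("verify", "policy ok for d=" + tags.get("d", "?"))

# Constructed sample headers (not real signatures), paired with an assumed key size.
SAMPLES = [
    ("v=1; a=rsa-sha1; c=relaxed/relaxed; d=old.example; s=k1;\r\n\tbh=AAAA=; b=BBBB", 2048),
    ("v=1; a=rsa-sha256; d=short.example; s=k2; bh=AAAA=; b=BBBB", 768),
    ("v=1; a=rsa-sha256; d=good.example; s=k3; bh=AAAA=; b=BBBB", 2048),
]

if __name__ == "__main__":
    for header, bits in SAMPLES:
        print(rfc8301_policy(header, bits))
```

Logging the reason string per sender domain shows how much of the rejected mail fails on the RFC 8301 policy itself and how much fails on a genuinely broken signature.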
