On 2023-09-24, Slavko via Exim-users <[email protected]> wrote: > --===============1966052188431819066== > Content-Type: multipart/signed; boundary="Sig_/lzN9G3ASjGZEv5NTElT3kpN"; > protocol="application/pgp-signature"; micalg=pgp-sha256 > > --Sig_/lzN9G3ASjGZEv5NTElT3kpN > Content-Type: text/plain; charset=UTF-8 > Content-Transfer-Encoding: quoted-printable > > Ahoj, > > D=C5=88a Sat, 23 Sep 2023 11:30:02 +0200 Mario Emmenlauer via Exim-users ><[email protected]> nap=C3=ADsal: > >> I'd like to reject emails that are not sent from a valid DKIM-enabled >> sender. > > Do not do that. Failed DKIM is the same as no DKIM at all (by RFC) and > here is a lot reasons why legitimate email can have broken DKIM > signature. By my experiences, all SPAM has either valid or no > signature... > > If you really want that, do it on per domain base. Create DB of "must > pass" domains and reject those only, but once again, prone to false > positives...
Such a per-domain database with public sender opt-in exists. It is called DMARC -- Jasen. 🇺🇦 Слава Україні -- ## subscription configuration (requires account): ## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/ ## unsubscribe (doesn't require an account): ## [email protected] ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
