John R. Levine wrote:
>> Ignorance is bliss, I guess, especially when it comes to pontificates.
>> That's what every implementation of DKIM for MTAs, both open source and
>> commercial that I'm aware of does, though some do and don't do the ADSP
>> lookup. News at 11: email is still delivered, with little to no observable
>> impact.
>
> It is not my impression that they all do the full DKIM validation while
> the SMTP session is open. Mine doesn't.

Our DKIM implementation does, plus the enabled ADSP extensions (ASL and
ATPS combined) are processed during the SMTP session.

I am going to do something soon:

Turn off USER VALIDATE at RCPT TO

where we normally see 63-70% rejects for spoofs or near user names for
our locally hosted domains.

Since we are enforcing DKIM domain signing with a strong signing
policy, I expect all of these to be policy-based rejections.

The ASL and ATPS extensions are working out great so far. I have this
list whited via ASL. I have other list and EPS via ATPS.

--
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html