On 28/Sep/10 12:59, Ian Eiloart wrote: > --On 27 September 2010 19:26:37 +0200 Alessandro Vesely<[email protected]> > wrote: > >> Now the MLM does its editing job. It knows the original message was >> signed, so it makes sense to verify if the signature is still good >> after any changes have been applied. In case verification fails, it >> shouldn't try to distribute an adsp-breaking message, so it can either >> send back a bounce or drop it. > > Oh, but I already know that my MLM is going to break any message with a > signed body. UK law practically mandates the addition of unsubscription > information in a message footer. We certainly require it locally.
Signatures may still survive if they use l=. Probably, the best method for determining whether a signature has been broken is to simply verify it again. BTW, running OpenDKIM testsuite, it seems that verifying is an order of magnitude faster than signing. Thus, an extra verification shouldn't hurt. As a curiosity, I've noted that MLMs usually avoid duplicating the subject-tag (possibly even if it was present twice in the original.) However, they almost invariably duplicate the footer, if it's already present. _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
