On 25-03-09 09:42:46, Jaroslaw Rafa via Postfix-users wrote:
> Dnia 9.03.2025 o godz. 09:23:48 Petko Manolov via Postfix-users pisze:
> > Well, one very important property of authenticity is trust.
> >
> > If a message falsely claim it originates from certain domain and then DKIM
> > fail, i very much don't want to receive, let alone read, this message.
> > Right?
>
> But DKIM can only fail *if, and only if* the originator domain *actually
> signs* the outgoing messages.
This isn't to say i would have trusted the email content only because it was
DKIM signed. In order to trust the message content i'd rather use something
like GPG, etc.
> If it doesn't, then you can't talk about such thing as "DKIM failure".
>
> DKIM is *not* mandatory. No RFC says that email MUST be DKIM signed.
Heh, so cool.
> And you certainly might have to receive and read these messages, as they may
> be important to you. And the fact that the originator chose *not* to DKIM
> sign these messages has nothing to do with their importance or unimportance.
OK, imho this makes DKIM kind of useless, except in a few very specific cases.
I might as well completely skip this check.
I kind of hoped that DKIM is considered "best practices" and large percent of
properly configured smtp servers would be using it. It seems that's clearly not
the case...
Thanks for the explanation.
Petko
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
