RE: Using results of dkim for gmail

From: Murray S. Kucherawy <msk_at_cloudmark.com>
Date: Wed, 10 Aug 2011 14:51:49 -0700

> -----Original Message-----
> From: opendkim-users-bounce_at_lists.opendkim.org [mailto:opendkim-users-bounce_at_lists.opendkim.org] On Behalf Of Steve Fatula
> Sent: Wednesday, August 10, 2011 1:50 PM
> To: Opendkim
> Subject: Using results of dkim for gmail
>
> If an email comes from gmail or ebay or paypal, and, it has no dkim
> signature, reject the message
>
> Note, I didn't even say it had to pass. It would seem that there should
> be no chance of it not being signed, right? So, any message meeting my
> criteria is 100% forged.

If you have faith that 100% of the gmail.com mail is going to be signed by gmail.com, you can use LocalADSP to set your own policy for that domain. To reject it, though, you'll have to set ADSPAction to do something, which is a global setting (i.e., it will be in effect for all domains that fail ADSP tests, local or otherwise).

Maybe this means there should be an extension to ADSPAction to allow per-domain actions. Hmm. If someone agrees, please open a feature request on SourceForge. There's time still to do that for 2.5.0.

-MSK
Received on Wed Aug 10 2011 - 21:51:56 PST