On 11/29/2017 01:35 PM, Blake Hudson wrote:
Where DKIM/SPF really help is when there's a failure that indicates a message has been spoofed.
There are other legitimate things that can break DKIM signatures. I have personally seen changes in content type encoding break a DKIM signature. The message was perfectly valid, and only failed DKIM signature validation.
This is a good indication of phishing and is a justified reason to reject or quarantine a message in the interest of your employees or subscribers.
As much as I would like to be able to safely reject on DKIM Signature validation failure, I don't think that it is safe to do so.
Sometimes these will be config errors, but I feel confident telling the sender to take config issues up with their service provider.
Hopefully this will bring the perceived problem to someone's attention who can hypothetically do something to correct it. -- Grant. . . . unix || die