Comment 21 for bug 316272
Revision history for this message
| Martin Pool (mbp) wrote Re: [Bug 316272] Re: launchpad should verify gmail or DomainKeys authenticators | #21 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
35a32c5
(Get the code!)
On 17 June 2010 21:15, Gavin Panella <email address hidden> wrote:
> I don't think that anyone proposed that broken signatures be treated
> as useful in any way.
I did, in the LEP or email thread, say something about potentially
using failed signatures to reject spam/forgery. I'm not proposing we
do this now or that we do it unless the domain declares that all their
mail is signed. That's probably better done in an anti-spam facility
that stands in front of Launchpad.
This does mean that if a user expects their mail to be DKIM-signed but
we don't verify the signature, we'll just treat it as untrusted, and
reject it if they're trying to something that needs to be strongly
authenticated. I suppose at that point they can contact us and ask
why.
--
Martin