NOTICE: Significant community changes coming soon
The header menu and the home page on our community will be changing soon. Get more information HERE.

DKIM check for incoming messages

Idea ID 2778555

DKIM check for incoming messages

DKIM check works now in this way:

DKIM is checked against DNS and then blocked or quarantined with a policy rule. And we have to enter a domain name in the policy to check or decide to check every domain. Which leads to a lot of false-positives.

This method is not how DKIM should work officially.

DKIM checks have to follow the following rule:

DKIM is checked against the public DNS key. If aligned, the mail should initially be accepted.  If not aligned, DMARC must decide what to do. After that the DMARC record in DNS is checked for the policy for that domain. If the policy is none the mail should be accepted, if the policy is 'quarantine' the mail should end up in QMS and if the policy is 'reject' the mail should be dropped.

So please make changes to the DKIM implementation for incoming mails and include DMARC in it. The same should be done for SPF.

The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.