有没有人有使用 DKIM 仅签署部分消息体的经验?
DKIM 规范允许限制用于计算签名的消息正文的数量;电子邮件的 DKIM-Header ('l') 中的一个参数可用于向收件人服务器指示实际签署了多少正文。如果我可以限制这一点,我可以减少我的 MTA 消耗的 CPU 量,但如果它导致可交付性问题,显然不值得麻烦。
在实践中,邮件提供商是否要求对整个正文进行签名?
参考:
rfc4871 - DomainKeys Identified Mail (DKIM)
...
A body length specified in the "l=" tag of the signature limits the
number of bytes of the body passed to the verification algorithm.
All data beyond that limit is not validated by DKIM. Hence,
verifiers might treat a message that contains bytes beyond the
indicated body length with suspicion, such as by truncating the
message at the indicated body length, declaring the signature invalid
(e.g., by returning PERMFAIL (unsigned content)), or conveying the
partial verification to the policy module.
.
opendkim.8
-L min[%+] - Instructs the verification code to fail messages for
which a partial signature was received.
感谢您的输入!