
We receive a lot of spam on our servers from 3rd party servers and often this spam includes an email header such as:

DKIM: validation error: error:0407008A:rsa routines:RSA_padding_check_PKCS1_type_1:invalid padding

This can be caused by many trivial things such as incorrect line feeds but I wanted to query about this as I can't find the correct information:

I believe this is an issue with the sender (them) rather than the receiver (us), therefore:

    1. Is there any way our server can uniformly block or otherwise throttle emails incoming from external sources that fail DKIM? Either failing this specific error or any error?
    2. Is it a good idea to do this (I sadly suspect not?)? How prevalent is competent DKIM currently? My quick research seems to imply it's not at all a safe way of filtering incoming emails, despite this appearing to be a common theme amongst email providers and badly set up amongst recognised spammers.
    3. Could something like SpamAssassin check DKIM mail validity and mark accordingly?
  • Half-answer: don't bother about DKIM failures specifically, but consider a DMARC milter/filter. A message may carry any number of signatures, any of which could be useless (possibly only useless to you) or unverifiable (possibly others can retrieve the key). Your server shall only see if it can, within reasonable resource limits, find a useful, verifiable one that allows delivery otherwise restricted by policy (generally: DMARC). About other signatures, it shall make no judgement.
    – anx
    Commented May 24, 2022 at 12:10
  • @anx our servers have DMARC applied on outgoing mail but I'm unfamiliar with whether it's actually used as a verification system on incoming mails.
    – Martin
    Commented May 24, 2022 at 12:46
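
The decision rule from the first comment, as an added example (not code from the post or from any milter): a failed signature is ignored, and only the absence of an aligned passing one lets the From domain's DMARC policy apply. The header values, the authserv-id `mx.example.net`, the function names and the use of strict (exact-match) alignment are assumptions made for illustration.

```python
import re

# Constructed sample: Authentication-Results values as a local verifier would stamp them.
# "mx.example.net" is a hypothetical authserv-id for the receiving server.
SAMPLE_HEADERS = [
    "mx.example.net; dkim=fail (invalid padding) header.d=bulk-sender.example; "
    "dkim=pass header.d=example.org; spf=fail smtp.mailfrom=bounce.bulk-sender.example",
    # Inserted by the sending side and claiming a pass: must not be trusted.
    "mx.attacker.example; dkim=pass header.d=bank.example",
]


def dkim_results(headers, authserv_id):
    """Return [(result, signing_domain)] taken only from headers our own server added.

    Simplified parsing: no quoted strings, no version token after the authserv-id.
    """
    out = []
    for value in headers:
        server, _, rest = value.partition(";")
        if server.strip().lower() != authserv_id:
            continue  # anyone can put such a header into a message
        for clause in rest.split(";"):
            clause = re.sub(r"\([^)]*\)", "", clause).strip()  # drop (comments)
            method = re.match(r"dkim=(\w+)", clause, re.I)
            domain = re.search(r"\bheader\.d=([\w.-]+)", clause, re.I)
            if method and domain:
                out.append((method.group(1).lower(), domain.group(1).lower()))
    return out


def disposition(headers, authserv_id, from_domain, policy, spf_aligned=False):
    """DMARC-style outcome for one message.

    policy is the From domain's published p= value, or None if it has no record.
    One aligned passing signature is enough; failed or unrelated signatures are
    neither rewarded nor punished. Alignment here is strict (exact match);
    relaxed alignment needs the Public Suffix List and is left out.
    """
    results = dkim_results(headers, authserv_id)
    dkim_aligned = any(r == "pass" and d == from_domain.lower() for r, d in results)
    if dkim_aligned or spf_aligned:
        return "accept"
    return policy if policy in ("quarantine", "reject") else "accept"
```

A message with a broken signature from a domain that publishes no DMARC policy still comes out as `accept` here, which is the "make no judgement" case; scoring it is then a job for the content filter.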
