有没有人有使用DKIM仅签署邮件正文的一部分的经验?
DKIM规范允许用户限制计算签名时使用的消息体数量;电子邮件的DKIM-Header('l')中的参数可用于向收件人服务器指示实际签署了多少正文。如果我可以限制这个,我可以减少我的MTA消耗的CPU量,但如果它导致可传递性问题,显然不值得麻烦。
在实践中,邮件提供商是否需要签署整个机构?
参考文献:
rfc4871 - DomainKeys Identified Mail (DKIM)
...
A body length specified in the "l=" tag of the signature limits the
number of bytes of the body passed to the verification algorithm.
All data beyond that limit is not validated by DKIM. Hence,
verifiers might treat a message that contains bytes beyond the
indicated body length with suspicion, such as by truncating the
message at the indicated body length, declaring the signature invalid
(e.g., by returning PERMFAIL (unsigned content)), or conveying the
partial verification to the policy module.
opendkim.8
-L min[%+] - Instructs the verification code to fail messages for
which a partial signature was received.
感谢您的投入!