26: It Can, But Doesn’t

Still hammering on Run Your Own Mail Server.

If you’ve worked with signing protocols like OpenPGP, you’re familiar with digital signatures. You take a chunk of data and sign it. Any alteration to the file invalidates the signature. You might be expecting DKIM to work the same way. It can, but doesn’t.

Traditional mail software has been free to rearrange messages if the programmer thought it necessary or correct. This might include adding or rearranging headers, substituting one kind of whitespace for another, trimming trailing whitespace, transforming line wrapping, and more. Any of these changes invalidates digital signatures. Complicated mail systems might pass messages through multiple MTAs before they reach their destination. Those systems are often from different vendors who each interpret the standards uniquely. Some older so-called “email firewalls” mangled messages to achieve what they branded as “security,” and a few of these systems are still
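To see which of the alterations listed above break a hash over the message body, here is an added example (not from the book) that goes a step beyond the paragraph: it implements DKIM's two body canonicalizations, "simple" and "relaxed", as defined in RFC 6376 section 3.4, and compares body hashes before and after an intermediate MTA touches the message. The sample bodies and the helper names are constructed for illustration.

```python
import base64
import hashlib
import re

def simple_body(body: bytes) -> bytes:
    """RFC 6376 3.4.3: collapse trailing empty lines to a single CRLF."""
    while body.endswith(b"\r\n"):
        body = body[:-2]
    return body + b"\r\n"

def relaxed_body(body: bytes) -> bytes:
    """RFC 6376 3.4.4: also tolerate whitespace changes inside lines."""
    lines = body.split(b"\r\n")
    # Collapse runs of space/tab to one space, then drop end-of-line space.
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":
        lines.pop()                      # ignore empty lines at end of body
    return b"".join(ln + b"\r\n" for ln in lines)

CANON = {"raw": lambda b: b, "simple": simple_body, "relaxed": relaxed_body}

def body_hash(body: bytes, canon: str) -> str:
    """Base64 SHA-256 of the canonicalized body (the DKIM bh= value)."""
    return base64.b64encode(hashlib.sha256(CANON[canon](body)).digest()).decode()

def survives(original: bytes, altered: bytes, canon: str) -> bool:
    """True if the altered body still hashes to the signer's value."""
    return body_hash(original, canon) == body_hash(altered, canon)

# Constructed sample: what the sender signed.
ORIGINAL = b"Hello,\r\n\r\nThe  invoice\tis attached.  \r\nThanks\r\n"
# Constructed variants of what a downstream MTA might deliver.
ALTERED = {
    "extra blank lines": ORIGINAL + b"\r\n\r\n",
    "whitespace rewritten":
        b"Hello,\r\n\r\nThe invoice is attached.\r\nThanks\r\n\r\n",
    "line re-wrapped":
        b"Hello,\r\n\r\nThe invoice\r\nis attached.\r\nThanks\r\n",
}

def report() -> dict:
    """Map each alteration to the canonicalizations it survives."""
    return {name: [c for c in CANON if survives(ORIGINAL, body, c)]
            for name, body in ALTERED.items()}

if __name__ == "__main__":
    for name, ok in report().items():
        print(f"{name:22} survives: {', '.join(ok) or 'none'}")
```

Neither canonicalization tolerates re-wrapped body lines, so that kind of rewriting still changes the body hash.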

If you enjoy watching me suffer from cryptography poisoning, you can still sponsor this book or follow the carnage on a few social media platforms.
