This looks like a cleaner version of my forwarding token proposal. >> You're constraining it to use by a specific, very small set of domains, >> and only for a limited time. > >Then again, let's note that this double-signed mail is going to show up >at some receivers that don't know about DKIM-delegate.
Right. So if you don't want people using unforwarded weak signatures for reputation management, you need to put something into them so that old clients don't accept them as signatures and ignore the t= tag. Either call them something other than DKIM-Signature, or do a version bump to v=2. R's, John _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
