> DKIM-Delegate does not need or use any externally-maintained list.

please, solve this spoofing example:

1. so, a sender sends DKIM-D with every email, regardless of whether it is meant for a mailing list or not, because they maintain no whitelist to make a difference,
2. sender sends an email to me. mind you, i'm not a mailing list. sender added me in DKIM-D "t=" tag [there's no whitelist, so any receiver is a candidate, whether defined by "t=" or implicitly],
3. i see there's DKIM-D in your email, i copy it for my message, sign that message using my DKIM [i AM a delegated entity], and send away an email satisfying DKIM-D profile, carrying whatever i'm interested in transmitting to my victims.

or am i missing something? a whitelist, perhaps?

this is a common issue with any weak DKIM.

--
Vlatko Salaj aka goodone
http://goodone.tk
