Terry Zink writes: > 4. How does the sending MTA know when to stamp this v=2 DKIM > header? Presumably, it would need to have a list of known > forwarders stored somewhere?
Maybe John's answer in his parallel post is what you're looking for, but my interpretation is that this is a matter of local policy (and MTA implementation). Eg, I'm responsible for lists etc at a couple of domains, and I have several different answers! Maybe I trust the user (eg, me). Maybe I trust a particular addressee (because it's on your "list of known forwarders"). And maybe I don't really care as long as downstream is willing to sign and put *their* reputation on the line (they are signing the whole message, I'm just making a token). Oops, there's a real question. Should these forwarding signatures be RECOMMENDED or (REQUIRED) to have "full coverage" of message contents? Or maybe that doesn't matter as "responsible" 3rd parties will want to provide full coverage, and it's no trouble for abusers to do so? If REQUIRED, should there be a way for the Author Domain to specify the meaning of "full coverage," or should the RFC do so? _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
