These new well-defined rules provide a mechanical procedure for determining
whether the encapsulated message body is the "same", provided that the full
message is DKIM-verified.

Yeah, I can add a giant new MIME part of arbitrary spamminess and it'll DKIM verify. Can someone explain in detail how a verifier is supposed to use this new hack? Consider these two messages:

a) has a one line trailer part saying
"for more information about foo list see http://foolist.org";

b) has a 50 line trailer explaining that my credit card has been cancelled and I need to click on this malware link immediately.

Both have a valid list-whatever signature.

Regards,
John Levine, [email protected], Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail.

_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc