> A sender that expects a message to be forwarded might put both a > conventional DKIM signature and a signature with a !fs tag that > refers to the domain name of the expected forwarder. > > require conventional, full DKIM signatures. Why? It seems to me that any >DMARC authentication method could suffice. That is, the author domain (!fs >signer) could be SPF authenticated by the MLM; and the MLM could be SPF >authenticated by list recipients. No?
You're mixing levels here. dkim-conditional describes a new way to create a valid DKIM signature. I wouldn't want to try to describe how a DKIM validator is supposed to stop and take a detour through an SPF validator to decide what to do next. R's, John PS: the draft looks fine to me _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
