On 11/6/2019 9:43 AM, Brandon Long wrote:
What's more, the point of including Subject and other mutable headers is the same as it is for DKIM, those are the headers which are important to the receiver, so they should be validated.
This being a technical list, I'm going to get picky and note that DKIM does not 'validate' those fields.
There is a derivative data integrity benefit, between signing and validated, for such fields, but that is quite different from any claim that the contents of those fields are 'valid'.
Some signing sites have much more stringent uses of DKIM than are provided by the standard. That's fine, of course, but it has nothing to do with the standard. Hence any receive-side reliance on such signer data validation is outside the DKIM standard.
d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
