On Fri, Jun 26, 2020 at 9:45 PM John Levine <[email protected]> wrote:

> In article <[email protected]> you write:
> >In article <caj4xoyecbh4ycofhzmv+a0336aifx55blvsdh-u21kkj+gr...@mail.gmail.com> you write:
> >>B) Specifying the specific Intermediary in the Intermediary Field. This
> >>would indicate that the user's domain recognizes that the user uses the
> >>intermediary and by policy exempts this use even though it breaks both DKIM
> >>and SPF validation. The receiving domain would need to recognize some
> >>potential risk of malicious modifications or additions to the message.
> >
> >Sounds like what I proposed several years ago:
> >
> >https://tools.ietf.org/html/draft-levine-dkim-conditional-03
>
> Mike clarified that his suggestion is simpler in that the recipient
> can recognize that intermediary however it wants, not necessarily with
> a DKIM signature.
>
> This makes me wonder how many mailing lists still don't add DKIM
> signatures. Unlike the header rewriting hacks, they don't affect the
> way recipients see or handle the mail in their inboxes.

DKIM signing would certainly make it easier for receivers but I'm hesitant to try and mandate it for intermediaries. The 2nd signature from the originator is a good indicator and depending on which additional fields are signed should provide reasonable protection against replay attacks.

Michael Hammer

_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
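
An added example, not part of the thread and not any participant's code: a receiver-side inspection of a list-forwarded message that lists each DKIM-Signature's signing domain (`d=`), whether it matches the From domain, and which header fields its `h=` tag leaves unsigned. The sample message, the domain names, the exact-match comparison and the choice of To, Date and Message-ID as the fields to check are assumptions made for illustration; no cryptographic verification is performed.

```python
import email
from email.utils import parseaddr

# Constructed sample: one signature from the list (intermediary) and one
# from the author's domain. bh=/b= are placeholders, nothing is verified.
SAMPLE = b"""\
DKIM-Signature: v=1; a=rsa-sha256; d=lists.example.org; s=list;
 h=from:to:subject:date:list-id; bh=PLACEHOLDER; b=PLACEHOLDER
DKIM-Signature: v=1; a=rsa-sha256; d=author.example; s=sel1;
 h=From:To:Subject:Date:Message-ID; bh=PLACEHOLDER; b=PLACEHOLDER
From: Alice <alice@author.example>
To: dmarc-list@lists.example.org
Subject: test
Date: Fri, 26 Jun 2020 21:45:00 -0400
Message-ID: <constructed-1@author.example>
List-Id: <dmarc-list.lists.example.org>

body
"""

# Assumption: fields checked here are chosen for illustration only.
CHECKED_FIELDS = ("to", "date", "message-id")

def parse_tags(value):
    """Split a DKIM-Signature value into its tag=value pairs (RFC 6376)."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")  # first '=' only; b= may contain '='
        if sep:
            tags[name.strip()] = "".join(val.split())  # drop folding whitespace
    return tags

def signature_report(raw):
    """Summarise every DKIM-Signature header on a raw message."""
    msg = email.message_from_bytes(raw)
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    report = []
    for value in msg.get_all("DKIM-Signature", []):
        tags = parse_tags(value)
        domain = tags.get("d", "").lower()
        signed = {h.lower() for h in tags.get("h", "").split(":") if h}
        report.append({
            "domain": domain,
            "matches_from": domain == from_domain,  # exact match, not org-domain
            "unsigned": [f for f in CHECKED_FIELDS if f not in signed],
        })
    return report

if __name__ == "__main__":
    for entry in signature_report(SAMPLE):
        print(entry)
```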
