On Mon, 6 Jul 2020, Murray S. Kucherawy wrote:
No, I'm not saying render them differently. I'm saying that if the second signature passes, then the second one signed the bolted-on spam but also told you how to strip it away to get the original. So, do that; if the author signature now passes, you have the original "clean" message to show instead of the hijacked message. If not, you have a spammy message to deal with, as before.
I don't understand this scenario at all. Why would I want to show my user a message forwarded by a spammer? If the original sender wanted me to see it, she could have sent it to me directly, or through a legit mailing list.
R's, John _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
