On 10/8/2021 9:09 AM, Scott Kitterman wrote:
> So originator includes From and Author and signs both.  Then the mediator (e.g.
> MLM) munges From and signs again.  Receiver checks DMARC and it passes.  Then
> receiver sends feedback to both Author and From domains?

The purpose of the Author field is to retain some information that presumably won't get modified.  Whether to actually 'believe' that information is a different matter, just as it is for all other header fields.  And let's be clear that including a field in a DKIM signature does NOT validate its contents.

DMARC adds to the semantics with its definition of alignment. It's part of DMARC, not DKIM.

So it's certainly reasonable to include the Author: field in the set that produces the DKIM signature, but that inclusion does not have any semantic other than it didn't get changed since the signing.  Data integrity is nice but is quite different from validation.

Since you are pressing the concern, perhaps you could characterize what danger/threat and what meaningful protection against it you are looking for?

d/

--
Dave Crocker
[email protected]
408.329.0791

Volunteer, Silicon Valley Chapter
Information & Planning Coordinator
American Red Cross
[email protected]

_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
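
Added illustration, not part of the message above and not taken from any DMARC implementation: the scenario in the quoted question, showing that DMARC alignment compares only the From: domain with the d= of a passing DKIM signature, while h= coverage of Author: says only that the field is unchanged since signing. The DkimResult type, the helper names and the sample message are constructed for this example, and the two-label organizational-domain rule is an assumption standing in for a Public Suffix List lookup.

```python
from dataclasses import dataclass
from email import message_from_string
from email.utils import parseaddr

@dataclass
class DkimResult:            # outcome of DKIM verification, assumed done elsewhere
    d: str                   # signing domain (d= tag)
    h: tuple                 # header fields covered by the signature (h= tag)
    passed: bool             # cryptographic verification result

def org_domain(domain):
    # Assumption: the last two labels stand in for a Public Suffix List lookup.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def domain_of(msg, field):
    value = msg.get(field)
    return parseaddr(value)[1].rpartition("@")[2].lower() if value else None

def dmarc_dkim_aligned(msg, results, strict=False):
    """Return the d= of the first passing signature aligned with From:, else None."""
    from_dom = domain_of(msg, "From")
    for r in results:
        if not r.passed or not from_dom:
            continue
        same = r.d.lower() == from_dom if strict else org_domain(r.d) == org_domain(from_dom)
        if same:
            return r.d
    return None

def author_integrity(results):
    """d= of passing signatures whose h= covers Author: (unchanged since signing, no more)."""
    return [r.d for r in results if r.passed and "author" in [x.lower() for x in r.h]]

# Constructed message as a receiver would see it after the mediator rewrote From:.
MSG = message_from_string(
    'From: "Alice via list" <list@lists.example.org>\n'
    "Author: Alice <alice@author.example>\n"
    "Subject: hello\n\nbody\n")
RESULTS = [
    # Originator signature no longer verifies: From: changed after it was made.
    DkimResult("author.example", ("from", "author", "subject"), False),
    DkimResult("lists.example.org", ("from", "author", "subject"), True),
]

if __name__ == "__main__":
    print("DMARC aligned d=:", dmarc_dkim_aligned(MSG, RESULTS))
    print("Author: covered by passing d=:", author_integrity(RESULTS))
    print("Author: domain (not consulted by DMARC):", domain_of(MSG, "Author"))
```

The only passing signature that covers Author: is the mediator's, so the integrity it provides dates from the mediator's signing, and the Author: domain never enters the alignment decision.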
