On Tue, Feb 6, 2024 at 2:33 AM Jeroen Massar <jeroen= [email protected]> wrote:
> `req=dkim`: requires DKIM, messages not properly signed are then to be > rejected/quarantined based on 'p' policy. > This sounds like what RFC 5617 tried to do, minus the constraint that the signing domain be equal to the author domain, which is one of the key pieces of DMARC. Isn't this a pretty big scope expansion? Also, can't an attacker just sign the message with any old throwaway domain and defeat this test without providing any new useful information to the verifier? -MSK, participating
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
