On Fri 22/Mar/2024 19:22:10 +0100 John R. Levine wrote:
While I generally agree, DMARC for the last decade didn't have a testing
flag. That's new in DMARCbis, so I don't think that's really germane. This
particular thing is on us as a working group.
RFC 6376 makes it quite clear on page 28 that DKIM verifiers ignore signatures
with a t=y flag, and treat them as though they're not there. What else is there
to say? If they're not there, the message isn't signed, at least not with that
signature.
I think it depends on the verifier's configuration whether it reports dkim=pass
or dkim=policy for test signatures. And also for small keys, unsigned header
fields which are considered important and the like.
So, for DKIM, DMARC results depend on tweaking receiver's configuration.
That's very different from SPF, where it is the sender who tweaks its
configuration by setting adequate qualifiers. One more reason not to mix the two.
Best
Ale
--
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
