Hello,
RFC6651 (Extensions to DomainKeys Identified Mail (DKIM) for Failure
Reporting) adds to DKIM-Signature the couple r=y - when an existing
DKIM-Signature does not validate, the signing server is notified that
something went (unintentionally) wrong.
The DKIM aggregate reports show whether a server signs correctly all
mails or not. If the aggregate reports show that this is sometimes
(let's say in 1%) not done correctly, the signer has no way to find
for which email the signing has not worked and cannot fix the signing
software, unless a report for the failing mail is sent with r=y.
RFC6377 (DomainKeys Identified Mail (DKIM) and Mailing Lists) suggests
in section 5.7 to remove the invalidated DKIM-Signatures, if the
mailing list software has changed the email.
I have not read ARC, but I have the impression that it says to keep
the invalidated DKIM-Signatures.
When an email with DKIM-Signature: r=y is sent to a mailing list, the
email is modified, and a final recipient following r=y sends a report.
The problem is that this report is useless and distracting - it does
not indicate that the signer-MTA or validator-MTA is implemented in
the wrong way.
I suggest here to recommend in a more formal manner that MLMs
modifying a message are supposed to remove the r=y part of the just
invalidated DKIM-Signature, and that this logic is also applied for ARC, if
relevant (I don't know ARC). Fixing only ARC will not help, as there
is software that follows DKIM, but has no idea about ARC.
Is such a recommendation a good idea?
How to make the recommendation? An amendment to RFC6377, an amendment to RFC
6651, or something else that is very short to compose?
Regards
Dilian
_______________________________________________
Ietf-dkim mailing list
https://www.ietf.org/mailman/listinfo/ietf-dkim
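
The proposal in the message above (a list that modifies a message removes r=y from the DKIM-Signature fields it has just invalidated) could look like this on the MLM side. This is an added example, not part of the original post and not code from any mailing list software; the function names, the sample headers and the stand-in verifier `demo_still_verifies` are assumptions made for illustration.

```python
import re

# RFC 6376 tag-list: tags are separated by ";" and tag names are case-sensitive.
_R_TAG = re.compile(r"^\s*r\s*=")

def strip_report_request(value):
    """Drop the RFC 6651 r= tag from a DKIM-Signature value, keep the rest verbatim."""
    return ";".join(p for p in value.split(";") if not _R_TAG.match(p))

def signed_headers(value):
    """Lower-cased header names listed in the signature's h= tag."""
    m = re.search(r"(?:^|;)\s*h\s*=([^;]*)", value)
    return {h.strip().lower() for h in m.group(1).split(":")} if m else set()

def scrub_invalidated(headers, still_verifies):
    """Remove r= only from signatures that the list's own change has broken."""
    out = []
    for name, value in headers:
        if name.lower() == "dkim-signature" and not still_verifies(value):
            value = strip_report_request(value)
        out.append((name, value))
    return out

# Constructed sample: the list rewrites Subject, so only a signature covering
# Subject is invalidated. bh=/b= values are placeholders, not real signatures.
MODIFIED = {"subject"}
SAMPLE = [
    ("DKIM-Signature", " v=1; a=rsa-sha256; d=example.org; s=s1;\r\n\tr=y;"
                       " h=from:subject:date; bh=PLACEHOLDER; b=PLACEHOLDER"),
    ("DKIM-Signature", " v=1; a=rsa-sha256; d=example.net; s=s2; r=y;\r\n\t"
                       "h=from:date; bh=PLACEHOLDER; b=PLACEHOLDER"),
    ("Subject", " [list] r=y; test"),
]

def demo_still_verifies(value):
    # Stand-in for real DKIM verification (header coverage only, body ignored):
    # the signature survives unless it signed a header the list changed.
    return not (signed_headers(value) & MODIFIED)

if __name__ == "__main__":
    for name, value in scrub_invalidated(SAMPLE, demo_still_verifies):
        print(f"{name}:{value}")
```

Editing the field changes signed data, which is acceptable only because the signature already fails; a signature that still verifies is left byte-for-byte intact so its r=y keeps working.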