Hi!

On Fri 17/Aug/2018 23:48:34 +0200 Dilyan Palauzov wrote:
> 
> I cannot provide very useful experience:

Thank you for the overview.  Albeit low-volume, it confirms my feeling that
rfc6651 is not widely adopted.

> [...]
>   - state explicitly that providers who want reports about mismatched
>     DKIM-Signature have to use p=reject;pct=0;fo=d;ruf=...

ruf= suffices.  p=reject;pct=0; is to force MLMs to rewrite From:, so as to
avoid useless reports.  However, what one deems useless could be interesting
for another; for example, one might use aggregate reports triggered by MLM
sending as a sort of delivery notification, thereby achieving a partial list of
subscribers' domains.  One-man-and-for-fun provider's subscription is easily
betrayed that way.


> Why shall software that knows r=y is old-fashioned not remove it from
> DKIM-Signature:, in order to ensure that r=y is not interpreted later by
> software, that doesn't know r=y was moved to historic?

Let me recall that the DKIM-Signature header field is implicitly signed; that
is, if you alter it in any way, it won't verify any more.  Removal of r=y would be
nearly impossible to undo, unless you know r=y was present and where exactly it
was placed.  Remove the whole field or rename it to, say, Old-DKIM-Signature.

BTW, some signatures are weak enough to survive boilerplate changes.  In that
case, the signer might be interested in verification failures even after MLM
changes.  How would you treat that instance?

Best
Ale
-- 



_______________________________________________
Ietf-dkim mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ietf-dkim
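
The point made above, that the DKIM-Signature field is covered by its own signature, shown as an added example that is not part of the original message. It computes only the RFC 6376 header hash (relaxed canonicalization, one instance per field) rather than a full RSA verification; the headers, signature values and helper names are constructed for illustration.

```python
import hashlib
import re

def relaxed_header(name, value):
    """Relaxed header canonicalization (RFC 6376, 3.4.2), without the trailing CRLF."""
    value = re.sub(r"\r\n(?=[ \t])", "", value)        # unfold continuation lines
    value = re.sub(r"[ \t]+", " ", value).strip(" ")   # collapse and trim whitespace
    return f"{name.lower()}:{value}"

def empty_b_tag(sig_value):
    """Blank the b= value; everything else in the field is covered by the signature."""
    return re.sub(r"((?:^|;)\s*b=)[^;]*", r"\1", sig_value)

def header_hash(headers, sig_value):
    """SHA-256 over the h= fields followed by the DKIM-Signature field itself.
    Simplification: one instance per field name, relaxed canonicalization only."""
    h_tag = re.search(r"(?:^|;)\s*h=([^;]*)", sig_value).group(1)
    data = "".join(relaxed_header(n.strip(), headers[n.strip().lower()]) + "\r\n"
                   for n in h_tag.split(":"))
    data += relaxed_header("DKIM-Signature", empty_b_tag(sig_value))
    return hashlib.sha256(data.encode("ascii")).hexdigest()

def rename_field(fields, old, new):
    """Rename a header field in a (name, value) list, leaving its value untouched."""
    return [(new if name == old else name, value) for name, value in fields]

# Constructed sample message headers and signature (not real data).
HEADERS = {"from": " Alice <alice@example.org>", "subject": " list post",
           "date": " Fri, 17 Aug 2018 23:48:34 +0200"}
SIG = (" v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.org; s=sel;\r\n"
       "\tr=y; h=from:subject:date; bh=CONSTRUCTEDBODYHASH=; b=CONSTRUCTEDSIG=")

def demo():
    signed = header_hash(HEADERS, SIG)
    # Dropping r=y changes the bytes the signer hashed, so b= can no longer verify.
    r_removed_matches = header_hash(HEADERS, SIG.replace("r=y; ", "")) == signed
    # Only the b= value is excluded from the hash.
    b_changed_matches = header_hash(HEADERS, SIG.replace("CONSTRUCTEDSIG=", "OTHER=")) == signed
    # Renaming keeps the value byte-for-byte, so the change can be undone.
    parked = rename_field([("DKIM-Signature", SIG)], "DKIM-Signature", "Old-DKIM-Signature")
    restored = rename_field(parked, "Old-DKIM-Signature", "DKIM-Signature")
    rename_undone_matches = header_hash(HEADERS, restored[0][1]) == signed
    return r_removed_matches, b_changed_matches, rename_undone_matches

if __name__ == "__main__":
    print(demo())
```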
