> >> In some systems, sieve scripts and other filtering is done *after* the > >> MUA drops the message in the delivery mailbox. If that drop removes > >> the signature, that hampers the sieve/filtering process severely. A > >> sieve "redirect" becomes impossible, and the filtering would not be > >> able to use the DKIM signature for other purposes either (though it > >> might be able to rely on the auth-results header field for some > >> things.
First, I made a typo: where I said "MUA" above, I meant to say "MDA". > Isn't it the MDA which runs sieve filters? Two answers: 1. Most often, yes, but, as I meant to say above, *when* in the process it does it is variable. All filtering would have to be done *before* the removal of the dkim-signature header field. 2. There are MUAs (email clients) that support sieve and other filtering, and those necessarily run it *after* the MDA would remove the signature. > Transparent forwarding is > harder for a MUA, as it usually has to go through Submission protocol, > which can change a number of message details. Can, but generally does not, other than to add a "Received" line or two. There's a long history of MUAs with "re-send" functions, which have successfully done such transparent redirects. Removal of the signature would break that function with respect to DKIM (and, therefore, DMARC). Barry _______________________________________________ Ietf-dkim mailing list [email protected] https://www.ietf.org/mailman/listinfo/ietf-dkim
