It appears that Wei Chuang <wei...@google.com> said: >-=-=-=-=-=- > >Hi DKIM folks, >As many of you know there was a DKIM security vulnerability disclosure >Friday around the signature header body length tag "l=".
It looks like the l= senders are largely one ESP who said today they have stopped doing it, and companies that use poorly configured Ironport appliances. Since RFC 6376 already says not to do what this "disclosure" describes, I think it's more likely to be effective to follow up with the people who are using l= and encourage them to fix it. So far nobody has pushed back when told of the issue. R's, John _______________________________________________ Ietf-dkim mailing list -- ietf-dkim@ietf.org To unsubscribe send an email to ietf-dkim-le...@ietf.org