It's pretty well established that trying to reconstruct a message based on a validation failure is a bad practice. If a mailing list wants to play well with DKIM, it can add its own signature and sign an Authentication-Results header to say that it validated the original (or use ARC for that). Barring that, a failed validation really needs to stay a failed validation, and the receiving domain shouldn't be guessing what might have happened and trying to reverse it.
Barry On Wed, May 29, 2024 at 2:09 PM Alessandro Vesely <[email protected]> wrote: > > On Wed 29/May/2024 19:29:27 +0200 John Levine wrote: > > It appears that Alessandro Vesely <[email protected]> said: > >>My verifier, in particular, works every time on my messages. It doesn't > >>mean > >>it doesn't work at scale. > > > > Nor, of course, does it mean that it does. > > > Agreed. > > However, if it doesn't work for a given list, it's always possible to add more > stuff in the header that will help the verifier restore the original values > and > evaluate if the amount of change the list applied is acceptable. Since the > signer and the verifier is the same program, it's easy to coordinate. > > > Best > Ale > -- > > > > > _______________________________________________ > Ietf-dkim mailing list -- [email protected] > To unsubscribe send an email to [email protected] _______________________________________________ Ietf-dkim mailing list -- [email protected] To unsubscribe send an email to [email protected]
