On Fri 09/May/2025 03:03:22 +0200 John Levine wrote:
> It appears that Bron Gondwana <[email protected]> said:
>> So if there's anything ARC currently does better, I'd want to see if we can implement that into DKIM2 as well. One case that has already been discussed is the signed Authentication-Results headers, and I would be very keen for a `DKIM2-Authentication-Results: ...>
>
> I have mixed feelings about this. On the one hand, a likely model for mailing lists, borrowed from ARC, is to look back through the chain and if the original message was DMARC aligned, accept the list's version.


If the original message was NOT aligned and had p=reject, why on earth do mailing lists insist on forwarding it as if it were legit?


> If you can just pick the DMARC result out of a header, that would be nice. On the other hand, a buggy or malicious system could lie about A-R results, so I was wondering how you could check for that.

That's the need-trust trap that fooled ARC. I hope DKIM2 won't fall for it too. We don't want to do ARC2, do we?


Best
Ale
_______________________________________________
Ietf-dkim mailing list -- [email protected]
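
Added example, not part of the thread or of any DKIM2 draft: a receiver-side sketch of the trust question discussed above, reading a DMARC result out of Authentication-Results headers only when the authserv-id that wrote the header is one the receiver trusts. The host names, the sample message and the function names are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample: the top header was added by our own border MTA, the
# second arrived with the message and carries a pass we cannot verify.
SAMPLE = """\
Authentication-Results: mx.receiver.example; dkim=fail header.d=author.example; dmarc=fail header.from=author.example
Authentication-Results: list.forwarder.example; dkim=pass header.d=author.example; dmarc=pass header.from=author.example
From: someone@author.example
Subject: constructed test message

body
"""

DMARC_RE = re.compile(r"\bdmarc\s*=\s*([a-z]+)", re.IGNORECASE)

def parse_ar(value):
    """Return (authserv_id, dmarc_result or None) for one A-R header value."""
    unfolded = " ".join(value.split())            # undo header folding
    head, _, rest = unfolded.partition(";")
    # The authserv-id may be followed by an optional version number.
    authserv_id = head.split()[0].lower() if head.strip() else ""
    m = DMARC_RE.search(rest)
    return authserv_id, (m.group(1).lower() if m else None)

def dmarc_claims(raw_message, trusted_ids):
    """Split dmarc claims into those from trusted authserv-ids and the rest."""
    msg = message_from_string(raw_message)
    trusted, untrusted = [], []
    for value in msg.get_all("Authentication-Results", []):
        authserv_id, result = parse_ar(value)
        if result is None:
            continue
        bucket = trusted if authserv_id in trusted_ids else untrusted
        bucket.append((authserv_id, result))
    return trusted, untrusted

def usable_dmarc_result(raw_message, trusted_ids):
    """Topmost claim from a trusted authserv-id, or None if there is none."""
    trusted, _ = dmarc_claims(raw_message, trusted_ids)
    return trusted[0][1] if trusted else None

if __name__ == "__main__":
    print(dmarc_claims(SAMPLE, {"mx.receiver.example"}))
    print(usable_dmarc_result(SAMPLE, {"mx.receiver.example"}))
```

The same header text yields "fail", "pass" or nothing depending only on which authserv-ids are in the trusted set, which is the dependency on trust that the thread is arguing about.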