On 14/05/2025 18:44, John R Levine wrote:
On Wed, 14 May 2025, Wei Chuang wrote:
Another alternate method is to support both DKIM2 and DKIM1 as implied throughout this thread.  Forwarders that modify messages with a DMARC consequence will also have to DKIM1 resign and rewrite the From to take ownership of the message. ...

I think that's the realistic option.  Depending on how much cooperation we get from people who write list software, they might add an option so subscribers can say don't munge if they know their mail system supports DKIM2.  Or for a few of the large mail systems, the list software could make a pretty good guess.


Stephen Turnbull told me that it would be trivial to make munging a per-subscriber option on Mailman if requested. As a workaround, he proposed the sibling lists method, described in Appendix A of my fix-forwarding draft. Letting the end user choose would require preparing a test message that bounces if the user's provider applies DMARC after DKIM1 verification.

The SMTP extension is unsuitable in this case, because MLMs submit messages to the local server, after any munging has already been done. It would work if the munging was done by the DKIM2 signer, online during the SMTP dialogue.


Best
Ale

_______________________________________________
Ietf-dkim mailing list -- [email protected]