If it's a mailing list, the traffic is not simply passing through. Since the
message is being modified, the signature should at the very least be
deactivated.
For the third time, why? The RFC says it doesn't matter.
I believe it goes into the junk, but I don't believe it has anything to do
with a broken DKIM signature.
R's,
John
If you're going to do something that will break the DKIM signature as a matter
of course, you should remove the DKIM signature, and maybe re-sign it with your own.
You shouldn't break the signature and then forward what was once good mail with
a now busted signature.
Au contraire. You should always preserve all the signatures to make it
easier to figure out what happened if there's some sort of trouble down
the line.
Since the spec says that there is no difference in message handling for a
broken signature and one that's not there, could you be more specific
about why you think it's important to make forensics harder?
Signed,
Confused
PS: See RFC 6376, section 6.1:
Survivability of signatures after transit is not guaranteed, and
signatures can fail to verify through no fault of the Signer.
Therefore, a Verifier SHOULD NOT treat a message that has one or more
bad signatures and no good signatures differently from a message with
no signature at all.
...
In the following description, text reading "return status
(explanation)" (where "status" is one of "PERMFAIL" or "TEMPFAIL")
means that the Verifier MUST immediately cease processing that
signature. The Verifier SHOULD proceed to the next signature, if one
is present, and completely ignore the bad signature.
Regards,
John Levine, [email protected], Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail.
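Added example, not part of the thread or of any poster's code: a sketch of why a list footer breaks the original signature's body hash (bh=) under RFC 6376 "relaxed" body canonicalization, and how a verifier that skips the failed signature and moves on to the next one ends up with the same result whether the broken signature was kept or stripped. The domains, message text and the helper name domains_with_matching_body are constructed for illustration; only the body-hash step is modelled, not the header hash or the public-key check.

```python
import base64
import hashlib
import re


def relaxed_body(body: bytes) -> bytes:
    """RFC 6376 section 3.4.4 "relaxed" body canonicalization."""
    lines = body.split(b"\r\n")
    # Collapse runs of space/tab to one space, then drop whitespace at line end.
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    # Ignore empty lines at the end of the body.
    while lines and lines[-1] == b"":
        lines.pop()
    # A non-empty body ends in exactly one CRLF; an empty body stays empty.
    return b"".join(ln + b"\r\n" for ln in lines)


def body_hash(body: bytes) -> str:
    """Value a signer would put in bh= for relaxed body canon. and rsa-sha256."""
    return base64.b64encode(hashlib.sha256(relaxed_body(body)).digest()).decode()


def domains_with_matching_body(signatures, body: bytes):
    """Check each (d=, bh=) pair against the body as delivered.

    A mismatch is a PERMFAIL for that signature only: it is ignored and
    the next signature is examined, as in the RFC text quoted above.
    """
    good = []
    for domain, bh in signatures:
        if bh != body_hash(body):
            continue  # bad signature: skip it, do not penalise the message
        good.append(domain)
    return good


# Constructed sample data.
ORIGINAL = b"Hello  list,\r\nthe  patch is attached. \r\n"
FOOTER = b"_______________\r\nexample mailing list\r\n"
DELIVERED = ORIGINAL + FOOTER                         # what subscribers receive
AUTHOR_SIG = ("author.example", body_hash(ORIGINAL))  # signed before the list
LIST_SIG = ("list.example", body_hash(DELIVERED))     # list re-signs its output

if __name__ == "__main__":
    print(domains_with_matching_body([AUTHOR_SIG], DELIVERED))
    print(domains_with_matching_body([AUTHOR_SIG, LIST_SIG], DELIVERED))
```

Whitespace-only changes survive relaxed canonicalization, but the appended footer does not, so the author's signature fails while the list's own signature passes; the retained broken signature changes nothing in the verifier's result and remains in the headers for later inspection.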