> On Jul 21, 2018, at 1:28 AM, Stefano Bagnara <mai...@bago.org> wrote:
>
> On Sat, 21 Jul 2018 at 04:11, Dave Crocker <d...@dcrocker.net> wrote:
>> The concern for replay attack should be adequately mitigated by gluing
>> the d= identifier to the major substance of the message. The rest,
>> really, is handling-related, rather than substance(content) related.
>
> Then just sign the From that is the only required header in the DKIM
> spec and a small amount of bytes in the body (so to let forwarders add
> their footers, too).
>
> IMHO in a conversation the "recipient" details are more important than
> the "subject" or the "date", once you signed the body.
>
> Forwarders breaking DKIM because they alter to or reply-to will have
> to be fixed (we are in 2018, this is not rocket science anymore).
>
> Otherwise we keep weakening DMARC to a point where it is not useful anymore.

For many senders it's not useful; it's actively harmful. They're deploying it because they've been ordered to, or because they've received bad advice, or because they're copying others who've made poor decisions. Weakening its guarantees *for those senders* mitigates that damage.

It also *strengthens* DMARC for other senders, those using it legitimately, as it reduces the number of recipient mailbox providers who stop enforcing DMARC because it breaks delivery of legitimate email.

Cheers,
Steve