On 8/26/16 8:11 PM, li...@wrant.com wrote: >> But my question for sure that I am not sure of the answer is if you have >> emails that happened to have multiple DKIM signature added to the header >> along the way. > > Why would you have these, if email is not getting changed after sending? > Simply abandon the concept of changing the email message after sending..
Why would you have multiple DKIM signature? Simple. You run your own mail server at home and it add a DKIM signature and then it forward your emails to an other server to do the final delivery that also is program to add DKIM signature as well. IN that case will you not have two DKIM signature, one by each servers in the delivered path? I am not saying the email should be changed, but isn't it that if a server IS using KDIM it put his signature anyway? So, in the scenario above you will have two signatures... >> The answer to that question is not clear to me. > > If you explain to us, why we need to have multiple signatures added then > perhaps we (you) could start getting clearer position on your question.. No I do NOT asked to have multiple signatures. Isn't it possible ot have more then one if the path taken by an email go through multiple servers that are configure to use DKIM? In that situation will you NOT end up with multiple signature in your header? >> Why does that make a difference, well if you run your own server and you >> control it pretty close and absolutely ONLY allow senders to use it by >> authenticate to it, then the chance of forgery are reduce as much as you >> control it to be nil if you use it just for you and are the only one >> using it, or very limited trusted friends and all. >> >> Then the signature can be trusted, the SPF records can be trusted and >> then the DMARC can be enforce. > > Done. Then remove these flawed tools & revert to open clear text mail.. > as we have it now, and anybody that needs something more: encrypt yours. You are not helping here and really got a short point of view! I use encrypted emails with users that support it. But that doesn't solve the problem asked originally in this thread... I asked one question and suggested a possible work around to solve the issue raise in the first place and explain the consequences of doing it as well. And asked if I was mistaken in what I suggested based on how I understand it. > Advertising generates it, these same advertising companies run public > email services. There is your answer, they propose these ideas: SPF, > DKIM, DMARC, and future-to-see more. If marketers are getting paid.. None of these cost anything to use... You can chose to use it or not. I don't see your point. > The solution is to make it as convenient as SSH, raising malpractices > costs by making them practically unfeasible. What we see now, is the > reverse, making it impractically complex & ubiquitous to use $GOOG's. Again miss conception I think. To use SSH you need an account where you log in. I fail to see what SSH will solve here in emails you send to anyone, or someone you may never had contact with before. I can log using SSH on my server to send you an email. You log via SSH to read my email, so what? Doesn't mean it was form me... Sorry I totally fail to see your point with SSH here.
