On 11/23/20 11:49 AM, Brandon Long wrote:
The receiving MTA in the next domain doesn't have to discard the information before removing it. The act of removing it is so there isn't confusion about the ultimate auth-res, especially with MUAs. The incoming MTA is free to consider the previous auth-res just like it's free to consider the previous arc auth-res.

I imagine that the vast majority of intermediaries that break signatures number exactly one extra domain, so it's not very hard to reconstruct the chain of custody from origin to destination. Assuming the intermediary resigns with the incoming auth-res, the destination can choose to believe that auth-res or not, right? Since this is an experiment, do we have an idea of what the rest of the problem is after the typical mailing list-like signature breakers are excluded?

No, as in the RFC says to remove them, so it's a standard part of implementation.

RFC 7601 4.1: instances of the header field that appear to originate within the ADMD but are actually added by foreign MTAs will be removed before delivery.

That's very different than "just maybe it might be removed".
Mike
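
The removal step quoted from RFC 7601 4.1 in the message above, sketched as an added example that is not part of the original post or of any MTA's code: a border filter strips inbound Authentication-Results fields that claim the local authserv-id, returns them so they can still be weighed, and stamps its own result on top. The names `mx.example.org`, `restamp` and the sample message are constructed, and leaving fields with a foreign authserv-id in place is an assumption of this sketch.

```python
import re
from email import message_from_string

# Constructed sample. The first field claims our authserv-id
# (mx.example.org) but was already on the message when it arrived.
RAW = (
    "Authentication-Results: mx.example.org; dkim=pass header.d=sender.example\n"
    "Authentication-Results: lists.example.net; spf=pass smtp.mailfrom=sender.example\n"
    "From: alice@sender.example\n"
    "Subject: test\n"
    "\n"
    "body\n"
)

def authserv_id(value):
    """Token before the first ';', ignoring comments and a version number."""
    value = re.sub(r"\([^()]*\)", " ", value)  # simple, non-nested comments
    head = value.split(";", 1)[0].split()
    return head[0].lower() if head else ""

def restamp(msg, local_ids, own_result):
    """Strip inbound fields that claim a local authserv-id, then put our
    own result on top. Returns the stripped values so a filter can weigh
    them before delivery."""
    local = {i.lower() for i in local_ids}
    items = msg.items()
    for name in {n for n, _ in items}:
        del msg[name]                      # removes every occurrence
    removed = []
    msg["Authentication-Results"] = own_result
    for name, value in items:
        if name.lower() == "authentication-results" and authserv_id(value) in local:
            removed.append(value)
        else:
            msg[name] = value              # original order is preserved
    return removed

def demo():
    msg = message_from_string(RAW)
    removed = restamp(msg, ["mx.example.org"],
                      "mx.example.org; dkim=fail header.d=sender.example")
    return removed, msg

if __name__ == "__main__":
    removed, msg = demo()
    print("stripped:", removed)
    print(msg.as_string())
```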
