> On Oct 27, 2022, at 4:16 PM, Douglas Foster
> <[email protected]> wrote:
>
>
> Murray raised the issue of a signature which produces PASS, but lacks trust
> because it is constructed with weak coverage, such as omitting the Subject or
> including an L=value clause.
>
> DKIM was designed to be flexible so that it could be used for many purposes.
> DMARC is a specific purpose and therefore it needs a more specific
> definition of what a signature should and should not contain. I am
> proposing that we ensure that all signatures used for DMARC follow a content
> standard so that all compliant signatures are equally trustworthy.
>
> For DMARC, an aligned DKIM PASS should preserve the originator's content,
> identity, and disposition instructions. Any header that might legitimately
> be added or removed by a downstream MTA should not be included in the
> original DKIM signature, as these are likely to produce false DKIM FAIL.
>
> Here is a first-pass list of headers that meet these objectives:
>
> Date
> To
> From
> Subject
> Body (absence of L=value)
> Reply-To
> In-Reply-To
> Authenticated-As
Amen. That seems reasonable.
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
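
One way a receiver or auditor could test a DKIM-Signature header against the first-pass list in the quoted proposal, added here as an example and not part of the original thread. It assumes every listed field must appear in h= even when the message lacks it; the function names and sample signatures are constructed for illustration, with placeholder bh=/b= values.

```python
import re

# Header fields from the first-pass list in the quoted proposal.
REQUIRED_HEADERS = ("date", "to", "from", "subject",
                    "reply-to", "in-reply-to", "authenticated-as")


def parse_tag_list(value):
    """Parse an RFC 6376 tag=value list (the DKIM-Signature field body)."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", value)  # undo header folding
    tags = {}
    for part in unfolded.split(";"):
        name, sep, val = part.partition("=")  # b=/bh= may contain '=' padding
        if sep:
            tags[name.strip()] = val.strip()
    return tags


def coverage_findings(signature_value):
    """Return reasons this signature falls short of the proposed list."""
    tags = parse_tag_list(signature_value)
    # Header field names in h= are case-insensitive; tag names are not.
    signed = {h.strip().lower() for h in tags.get("h", "").split(":") if h.strip()}
    findings = [f"h= does not cover {name}"
                for name in REQUIRED_HEADERS if name not in signed]
    if "l" in tags:  # the l= tag limits how much of the body is signed
        findings.append(f"l={tags['l']} leaves body content past that length unsigned")
    return findings


# Constructed sample signatures (placeholder bh=/b= values, example.com domain).
WEAK = ("v=1; a=rsa-sha256; d=example.com; s=sel1; c=relaxed/relaxed; l=120;\r\n"
        "\th=From:To:Date; bh=PLACEHOLDER=; b=PLACEHOLDER==")
STRICT = ("v=1; a=rsa-sha256; d=example.com; s=sel1; c=relaxed/relaxed;\r\n"
          "\th=Date:To:From:Subject:Reply-To:In-Reply-To:\r\n"
          "\t Authenticated-As; bh=PLACEHOLDER=; b=PLACEHOLDER==")

if __name__ == "__main__":
    for label, sig in (("weak", WEAK), ("strict", STRICT)):
        print(label, coverage_findings(sig) or "meets the proposed list")
```

A signature that verifies as PASS can still return findings here, which is the distinction the proposal draws between a valid signature and one with trustworthy coverage.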