On 3/24/25 7:29 AM, Todd Herr wrote:
On Mon, Mar 24, 2025 at 10:24 AM Jim Fenton <fen...@bluepopcorn.net> wrote:
Joining the conversation a little late due to travel…
On 21 Mar 2025, at 21:41, Todd Herr wrote:
> - DKIM2, as currently described, allows and even encourages receivers to
> reject messages that fail DKIM2 validation
I got that sense from the discussion and from something in the
motivation draft that I can’t find right now. I think this is
dangerous.
Unless you’re saying that unsigned messages will also be rejected,
you’re describing a situation where a mis-signed message is
treated more harshly than an unsigned message. That means that a
domain is taking a risk of nondelivery by signing with DKIM2 in
case it mis-signs messages or some forwarder does so.
I posit that a world with unsigned messages being rejected is indeed
possible. Major mailbox providers have been saber rattling about "No
auth, no entry" for quite some time, and the current Yahoo/Google
requirements that at least some senders publish a DMARC record (among
other things) in order to get mail considered for acceptance are a
step in that direction.
Out of curiosity would, say, a mailing list that breaks the original
signature but signs on the mailing list's behalf count as "signed"? At
some level DKIM is about taking responsibility for a message so
something that a mailing list signed is who you'd blame and/or hang some
reputation off of.
If that were the case, it seems that could be workable although I'd be
really scared about the collateral damage. But they'd know what it would
be, so they'd have an informed view of things.
Mike
_______________________________________________
Ietf-dkim mailing list -- ietf-dkim@ietf.org