In message <cal0qlwyoa8mdhsdafnh+coxwtp1bqxwy8dyd+l5xbk7aplz...@mail.gmail.com>, Murray S. Kucherawy <superu...@gmail.com> writes

>On Mon, Mar 24, 2025 at 12:24PM Richard Clayton <rich...@highwayman.com>
>wrote:
>
>> you cannot determine "legitimate" in a protocol ... what DKIM2 does is
>> allow you, having determined that badness has occurred, to be sure which
>> entity was responsible for that badness and set a reputation (or a
>> block) accordingly
>
>Is the determination of "badness" left entirely as an exercise to the
>implementer/operator, or do you imagine we will be able to offer some
>guidance here?

clearly ... "remove all and replace by this" is pretty dubious as an
alteration (albeit something that got re-coded from quoted-printable to
base64 might look like that) ...

... but I regularly see bad emails where someone has added some HTML at
the front to display an image and have their URL actioned if you click.
All the text from the original email is never seen (viz: a pretty short
insertion completely changes the user experience) ...  I think the bad
guys do this in order to leave in all the legitimate URLs from an
original marketing email in the hope that will fool a reputation engine.

So guidance is going to either be mainly obvious, or impossibly complex

-- 
richard                                                  Richard Clayton

Those who would give up essential Liberty, to purchase a        Benjamin
little temporary Safety, deserve neither Liberty nor Safety.    Franklin

_______________________________________________
Ietf-dkim mailing list -- ietf-dkim@ietf.org