In article <cahvbj+kaxamyr1o2adc-eqrhbf+sphyu5q_pgsybwtm4tmt...@mail.gmail.com> you write: >On Mon, 23 Jul 2018 at 20:16, Steve Atkins <st...@blighty.com> wrote: >> > On Jul 21, 2018, at 1:28 AM, Stefano Bagnara <mai...@bago.org> wrote: >> > [...] >> > Otherwise we keep weakening DMARC to a point where it is not useful >> > anymore. >> >> For many senders it's not useful; it's actively harmful. They're deploying >> it because they've been >ordered to, or because they've received bad advice, or because they're copying >others who've made poor >decisions. > >The "v=spf1 +all" SPF record is another, even easier, way to work around it.
It doesn't work, of course, since mailing lists invariably use their own bounce address, not the one in the original author's domain. >RFC6376 5.4. Determine the Header Fields to Sign: >"signing fields present in the message such as Date, Subject, >Reply-To, Sender, and all MIME header fields are highly advised." We wrote that a long time before anyone had imagined the mess that is DMARC. >May be another plan using multiple signatures. > >You can sign it twice, once with the "suggested" setup and once with >your "minimal" setup (a different selector and very fast-rotating >selector/keys). This way receivers that only wants to accept DKIM as >valid when enough headers and enough of the body is signed can still >accept one of your DKIM signatures. Sure, if you think that's useful. R's, John _______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
