On 4/28/19 12:38 PM, Chris Adams via mailop wrote:
So should mailing lists reject such messages?
No. Absolutely not.The DKIM specification states that a failed DKIM-Signature validation should be treated like a lack of a DKIM-Signature.
I think the list MTA should accept the messages with DKIM oversigned headers, remove said DKIM-Signature headers, pass the DKIM-less message into the mailing list for normal processing.
Ideally, the list MTA would add new DKIM-Signature header as messages went outbound.
If they're going to add headers and the signing effectively says "don't", why should the list accept the message?
The signing doesn't say "don't". The signing is a way to detect if the message has been modified in transit. IMHO DKIM is a trip wire of sorts to detect modification, nothing more, nothing less. Was the message modified, yes or no.
-- Grant. . . . unix || die
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
