On Mon, Nov 20, 2017 at 02:46:08PM -0800, Steve Atkins wrote:
> That's poor practice, for several reasons - replay attacks with added content
> and it being an extremely rare practice that's likely to trigger bugs in DKIM
> validation are two. The latter is the much bigger deal.
>
> It also doesn't help much for most MIME encoded mail (including base64
> encoded plain text, like the mail I'm replying to).
>
> Pretending those paragraphs aren't there is the right thing to do.

Yes. Also the DMARC and forthcoming ARC mechanisms -- super important for people behind gmail and yahoo and so on -- make that feature not really work, AFAICT. I think that part of DKIM is busted, and the authors of it I've talked to seem to agree.

A

-- 
Andrew Sullivan
a...@crankycanuck.ca