On Sun, Jul 13, 2014 at 12:22:02PM +0200, Andreas Schulze wrote:
> > Sign after 7-bit downgrade, and DKIM signatures will never be broken.
>
> Impossible because I'm not the originator but provide only a relay service.
On an inbound relay you might add Authentication-Result headers
that might be trusted by downstream systems.
On an outbound relay, the responsibility to sign after 7bit conversion
falls on the upstream system. The relay has no choice but to downgrade.
Presumbly systems that don't advertise 8bit support are less likely to
perform DKIM signature checks.
--
Viktor.
