On 4/14/2025 11:41 PM, Burke, Evan wrote:
Regardless of the specific words we may use to describe it, I've seen
some very large email platforms omit some important headers in their
DKIM signatures - headers explicitly recommended by the DKIM RFC - and
I've seen that absence enable real-world ab
Regardless of the specific words we may use to describe it, I've seen some
very large email platforms omit some important headers in their DKIM
signatures - headers explicitly recommended by the DKIM RFC - and I've seen
that absence enable real-world abuse. Based on samples from multiple
senders o
On Wed, Apr 9, 2025 at 8:17 AM Pete Resnick wrote:
> On 7 Apr 2025, at 13:11, Dave Crocker wrote:
>
> Bron,
>
> On 4/7/2025 10:53 AM, Bron Gondwana wrote:
>
> I buy this argument. You're quite correct, DKIM doesn't have any actual
> problems. It's perfect. It does exactly what it's specified to
I agree with Bron. The carbon footprint discussion distracts away from what
I think is the main purpose with a set of defined headers that have to be
signed: Making sure senders don't forget to sign them.
Personally I don't have a strong opinion if those headers are explicit or
implicit. The key po
On Sat, Apr 12, 2025, at 03:43, Dave Crocker wrote:
> On 4/11/2025 12:56 PM, Richard Clayton wrote:
> > > So, really, this is a failure of internal regulation and
> > accountability that is
> > > being externalized here.
> >
> > Although that is strictly true, the recipients of the replayed email
On 4/14/2025 5:21 PM, Bron Gondwana wrote:
Regarding the "relatively few platforms generating this problem"
statement. This is an assertion without data.
Indeed, my comment is based on the view that Replay is only worth doing
at scale and therefore using domain names that have an 'interesting'
On 4/14/2025 5:10 PM, Emil Gustafsson wrote:
rom what I think is the main purpose with a set of defined headers
that have to be signed: Making sure senders don't forget to sign them.
Forget? As if a normative requirement in a standard is a memory aid?
It might help to see some clear, explici
I agree that DKIM replay has been and still is very much a problem. While
this issue peaked in 2022 where many senders were impacted, I still see
current deliverability escalation issues with DKIM replay described as the
root cause. Since 2022, we put in place several mitigation but those have
li
On 4/14/2025 10:21 AM, Bron Gondwana wrote:
I don't know how many other services which allow their users to
generate emails were similarly affected; but I do know that even a
perfectly legitimate email to its intended recipient (e.g. an invoice
for services rendered) sent to one person can be
On Fri, Apr 11, 2025 at 6:02 PM John Levine wrote:
> According to Richard Clayton :
> >-BEGIN PGP SIGNED MESSAGE-
> >Hash: SHA1
> >
> >In message <20250411205917.169acc3d1...@ary.qy>, John Levine
> > writes
> >
> >>It appears that Richard Clayton said:
> >
> ++
Participating only:
On Mon, Apr 7, 2025 at 11:11 AM Dave Crocker wrote:
> but let's be clear on my reasoning for using the name DKIM is "it is
> intended to plug into the same place in the stack as DKIM does; and reuse
> the key infrastructure of DKIM - meaning it will be more understandable to
On Sun, Apr 13, 2025, at 13:17, Dave Crocker wrote:
> On 4/13/2025 6:34 PM, Richard Clayton wrote:
>> An average email received at $DAYJOB$ on Friday (UTC) to be placed into
>> the inbox was 81555 characters long; if it was automatically determined
>> to be "span" it was 28921 bytes long.
>
>
>
On Sat 12/Apr/2025 09:52:21 +0200 Dave Crocker wrote:
On 4/11/2025 12:57 PM, Richard Clayton wrote:
The term forwarding is ambiguous. It is used to mean very different types of
behavior.
*If 'forwarding' means every MTA, this is a massive infrastructure
change to the entire Internet Mai
Yes, the reason why each header should be signed should be documented. I
agree with you there.
I don't understand the purpose of the memory aid comment.
I think it is a good thing if a standard prevents users of the standard
defined from shooting themselves in the foot. Similar to newer versions o
14 matches
Mail list logo
