On 5/19/15 4:47 AM, Scott Kitterman wrote: > On May 19, 2015 2:05:18 AM EDT, "Murray S. Kucherawy" <superu...@gmail.com> > wrote: >> On Mon, May 18, 2015 at 10:56 PM, Terry Zink >> <tz...@exchange.microsoft.com> >> wrote: >> >>> Thanks, this is useful. >>> >>> What would the Authentication-Results header look like? Presumably 3 >>> results for DKIM (dkim=fail, dkim=pass, dkim=pass)? And what about >> DMARC? >>> Show one result or two? Or maybe something like >> dmarc=conditionalpass? >> Three DKIM results, one DMARC "pass" result. The idea is that DKIM >> returns >> a "pass" for an aligned conditional signature, which satisfies the DKIM >> algorithm, so long as there's also a passing signature from the "cd" >> domain. >> >> Is there any use in making a distinction to your acceptance/routing of >> messages to know it was based on a conditional signature versus an >> original >> author signature? > I would think you'd have to. There's a replay risk that's unique to this type > of signature, so I think treating them the same would be a naive approach. > > Agreed.
These messages are likely be distributed to many subscribers where each message must contain two linked signatures, the siglet authorizing some third-party domain and a full signature of the third-party domain.. A reasonable expiry is required or delivery becomes unreliable. What will be considered a reasonable delivery window? It seems most MTAs will retry over a period of several days. Email should not be treated like IM unless considering a gateway to a federated IM system. The IM-From header could introduce both an alternative From header field andl act at the IM gateway. The mail transport would ignore this pseudo sub-domain which could also assist in tracking abusive sources. In which case these addresses often indicate the current instance of a on-network client denoted as a pseudo sub-domain of the email-address. Regards, Douglas Otis _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
