On Tuesday, May 19, 2015 11:40:21 PM John Levine wrote:
> >I would think you'd have to. There's a replay risk that's unique to this
> >type of signature, so I think treating them the same would be a naive
> >approach.
> Remember that DMARC doesn't tell you that a message is good.  The most
> it can say is "not so awful that you should automatically reject it."
> A sensible implementation will still run the mail through spam
> filters like any other mail.
> 
> The risk is that the second signer might be malicious, but that's nothing
> new, any signer can be malicious.  So do the usual filtering, use the
> second signer's reputation.

The challenge here is that the second signer may not have anything to do with 
the message.  Since, except for From, only invisible parts of the message are 
signed, the signature could be applied to almost any email.  Using the 
reputation of the second signer's domain is not substantially different than 
using the reputation of an unauthenticated identity.  I don't see how that 
helps.

If this is the path we go down, there's got to be something in the second 
signature that says it means enough to override the DMARC fail/p=reject 
determination.

Scott K

_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
