Thanks, that's what I thought. Large email receivers forward tons of email. This proposal causes email from DMARC-passing messages to be incapable of forwarding. As a large email receiver who gets tons of complaints about breakage of DKIM signatures on forwarded messages which causes DMARC failures [1], this proposal is not all that appealing.
:-\ -- Terry [1] We are working on a fix for this. -----Original Message----- From: Dave Crocker [mailto:dcroc...@gmail.com] Sent: Tuesday, November 15, 2016 5:53 PM To: Terry Zink <tz...@exchange.microsoft.com>; dmarc@ietf.org; ietf-d...@mipassoc.org Subject: Re: [dmarc-ietf] [ietf-dkim] a slightly less kludge alternative to draft-kucherawy-dmarc-rcpts On 11/16/2016 10:50 AM, Terry Zink wrote: > This may be a dumb question, but if a DKIM-signature includes the > original recipient, then wouldn't that break the DKIM signature if the > original MTA forwards it to another receiver even if they don't modify > any parts of the message? the proposal is to add the envelope rcpt-to to the signature. change the rcpt-to and yes the signature will break. d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
