On Sun, Aug 20, 2017 at 6:25 PM, Bron Gondwana <br...@fastmailteam.com> wrote:

> Right - so how exactly does that help, given that you've modified the
> message since then? You could easily change the message-id at the same
> time. If the original DKIM-Signature still passes then sure, you can't
> modify anything. But then you don't need ARC anyway.
>
> If the DKIM signature allowed you to tell that some of the protected
> headers were unchanged while allowing others to change, then it would mean
> something - but the whole point of ARC is for when DKIM doesn't validate
> any more, and if DKIM doesn't validate any more then the message-id can be
> spoofed too.

Do we think there's any utility to adding more message info to the AS, such as message-id?

We originally tried to keep them very separate, but we could combine the AS with the concepts of the "weak DKIM" signature we talked about a while back. It equally doesn't prevent any individual attack, but perhaps there are other benefits in aggregate.

I could also easily imagine some utility for having AMS include the z= DKIM tag, though this may get into the weeds of what can be used programmatically to determine spamminess/reuse vs expert user forensics after the fact.

Brandon
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc