In article <799c2b18-97fe-6e22-f2cf-49245ae9c...@gmail.com> you write: >So the extra mechanism is intended an efficiency hack.
No, it also documents the fact that the chain was broken when it arrived at the cv=fail signer. Without it, a subsequent hop can't tell. It probably won't make much difference to spam filters, but it could be useful if you're trying to find and fix forwarders that make gratuitous changes. I think there's a modest benefit to signing with cv=fail, and since you can't count on having a chain (even an invalid one) signing as if it were cv=none seems reasonable. R's, John PS: Once there is a cv=fail seal, there doesn't seem to be any point to adding any more seals in later hops. It's dead, Jim. _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc