On Mon, Jul 6, 2020 at 7:31 AM John R Levine <jo...@taugh.com> wrote:
> > That isn't a new attack though, given spammers sign their email already.
> > This way you have (in theory) two good signatures: one from the author for
> > the "safe" form of the message, and one for the spam that got bolted on,
> > and you could in theory strip the spam before you deliver because you know
> > exactly what it is.
>
> But then what? Surely we're not going to revisit the WKBI of showing
> different parts of the message in different colors depending on whether
> they're signed. If it's got bolted on spam, you treat the message as spam
> so I don't see that this has gained you anything.
>

No, I'm not saying render them differently. I'm saying that if the second signature passes, then the second one signed the bolted-on spam but also told you how to strip it away to get the original. So, do that; if the author signature now passes, you have the original "clean" message to show instead of the hijacked message. If not, you have a spammy message to deal with, as before. If the second signature doesn't pass in the first place, then it's ignored, and you still have spam to deal with.

Of course, the original message might be spam too, but that's not new either. This isn't meant to solve spam. It's meant to deal with the legitimate MLM+DKIM+DMARC case.

-MSK
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
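
The receiver-side decision flow described in the message above, as an added example that is not part of the original post and not code from any DKIM implementation. Assumptions: HMAC with constructed keys stands in for DKIM signatures, and the `footer_len` hint, the function names and the verdict strings are hypothetical, since the message does not say how the second signature describes the change.

```python
import hashlib
import hmac

# Constructed stand-in keys. Real DKIM verifies public-key signatures over
# canonicalized headers and body; HMAC keeps this sketch runnable offline.
AUTHOR_KEY = b"author-domain-key (constructed)"
LIST_KEY = b"list-domain-key (constructed)"


def sign(key: bytes, body: bytes, hint: bytes = b"") -> str:
    # The hint is covered by the signature so it cannot be altered in transit.
    return hmac.new(key, hint + b"\0" + body, hashlib.sha256).hexdigest()


def verify(key: bytes, body: bytes, sig: str, hint: bytes = b"") -> bool:
    return hmac.compare_digest(sign(key, body, hint), sig)


def evaluate(body: bytes, author_sig: str, list_sig, footer_len: int):
    """Return (verdict, body_to_deliver) for a possibly list-modified message.

    footer_len is a hypothetical "how to strip it" hint: the number of bytes
    the second signer says it appended to the body.
    """
    if verify(AUTHOR_KEY, body, author_sig):
        return "author-pass", body                 # nothing was bolted on
    hint = str(footer_len).encode()
    # Trust the stripping hint only if the second signature passes over it.
    if list_sig is None or not verify(LIST_KEY, body, list_sig, hint):
        return "as-before", body                   # second signature ignored
    if not 0 < footer_len <= len(body):
        return "as-before", body
    original = body[:-footer_len]                  # undo the declared change
    if verify(AUTHOR_KEY, original, author_sig):
        return "author-pass-after-strip", original # deliver the clean form
    return "as-before", body                       # author signature still fails


if __name__ == "__main__":
    post = b"Original post to the list.\r\n"       # constructed sample
    footer = b"-- \r\nlist footer\r\n"
    a_sig = sign(AUTHOR_KEY, post)
    l_sig = sign(LIST_KEY, post + footer, str(len(footer)).encode())
    print(evaluate(post + footer, a_sig, l_sig, len(footer)))
```

Binding the hint into the second signature matters: a hint that is not signed could be changed in transit to make the receiver strip a different span than the one the second signer vouched for.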