On 7/6/2020 10:03 AM, John R Levine wrote:
No, I'm not saying render them differently. I'm saying that if the
second
signature passes, then the second one signed the bolted-on spam but also
told you how to strip it away to get the original. So, do that; if the
author signature now passes, you have the original "clean" message to
show
instead of the hijacked message. If not, you have a spammy message
to deal
with, as before.
I don't understand this scenario at all. Why would I want to show my
user a message forwarded by a spammer? If the original sender wanted
me to see it, she could have sent it to me directly, or through a
legit mailing list.
Perhaps, like some others, I'm not understanding this correctly, but I
think the proposal has nothing at all to do with what the recipient
sees. Rather, I've understood this as an attempt to reverse additions
made by a Mediator, with the goal of validating the origination DKIM
signature. Presumably that is so as to use the origination domain's
reputation and even permit DMARC to validate.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc