On 25/11/2020 20:16, Michael Thomas wrote:
On 11/25/20 11:11 AM, Alessandro Vesely wrote:
On 25/11/2020 19:24, Jesse Thompson wrote:
On 11/25/20 11:30 AM, Alessandro Vesely wrote:
Without resorting to ARC, it is still possible to validate author domain's signatures directly if the MLM just adds a subject tag and a footer, like, for example, this list does. While ARC solves "deep" forwarding problems, which may arise in the context of email address portability, MLM transformation reversion solves the simpler mailing list problem, including reverting munged From:'s.

I agree that ARC isn't really needed to do this (trust the last hop from the MLM and determine the original authenticity from the MLM's perspective)

I didn't mean to trust the MLM.  I meant remove the subject tag and the footer, then the original DKIM signature verifies.  See:
https://datatracker.ietf.org/doc/draft-vesely-dmarc-mlm-transform/

When I was at Cisco, with l= and some subject line heuristics I could get probably like 90+% verification rate across the entire company, a company that uses external mailing lists a lot. Definitely not 100% though.


DKIM itself is not 100%. You always have lines beginning with "From " or occasional autoconversions.

l= doesn't cover multipart/alternative nor Content-Transfer-Encoding: base64. In addition, the DKIM spec discourages its usage and suggests that "Assessors might wish to ignore signatures that use the tag."


Best
Ale

_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
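
Added example, not part of the original message or of the referenced draft: a simplified model of the footer and subject-tag reversion and of the l= limitation discussed above, checking only the DKIM body hash (bh=) rather than a full signature. The sample body, footer, subject tag, and all function names are constructed for illustration, and the base64 case assumes the MLM decodes the body, appends its footer, and re-encodes.

```python
import base64
import hashlib
import re

# Constructed sample data (not taken from a real message).
ORIGINAL_BODY = b"Hello list,\r\n\r\nDKIM test message.\r\n"
LIST_FOOTER = (b"_______________________________________________\r\n"
               b"dmarc mailing list\r\ndmarc@ietf.org\r\n")
SUBJECT_TAG = "[dmarc-ietf] "  # assumed tag format

def relaxed_body(body: bytes) -> bytes:
    """RFC 6376 section 3.4.4 'relaxed' body canonicalization."""
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ")
             for ln in body.split(b"\r\n")]
    while lines and lines[-1] == b"":
        lines.pop()  # ignore empty lines at the end of the body
    return b"".join(ln + b"\r\n" for ln in lines)

def body_hash(body: bytes, length=None) -> str:
    """bh= value (SHA-256); `length` models the l= body length tag."""
    canon = relaxed_body(body)[:length]  # length=None hashes everything
    return base64.b64encode(hashlib.sha256(canon).digest()).decode()

def revert_mlm(subject: str, body: bytes):
    """Undo the list's subject tag and footer; returns (subject, body)."""
    if subject.startswith(SUBJECT_TAG):
        subject = subject[len(SUBJECT_TAG):]
    if body.endswith(LIST_FOOTER):
        body = body[:-len(LIST_FOOTER)]
    return subject, body

def as_base64(content: bytes) -> bytes:
    """Body as sent with Content-Transfer-Encoding: base64."""
    return base64.encodebytes(content).replace(b"\n", b"\r\n")

def demo() -> dict:
    listed = ORIGINAL_BODY + LIST_FOOTER  # what a subscriber receives
    subject, body = revert_mlm(SUBJECT_TAG + "DKIM test", listed)
    signed = body_hash(ORIGINAL_BODY)  # bh= the author domain signed
    n = len(relaxed_body(ORIGINAL_BODY))  # l= for the plain-text body
    m = len(relaxed_body(as_base64(ORIGINAL_BODY)))  # l= if sent as base64
    return {
        "modified": body_hash(listed) == signed,
        "reverted": (subject, body_hash(body)) == ("DKIM test", signed),
        "l_plain": body_hash(listed, n) == signed,
        "l_base64": body_hash(as_base64(listed), m)
                    == body_hash(as_base64(ORIGINAL_BODY)),
    }
```

In `demo()`, the body hash fails on the list copy, matches again after reversion, matches with l= for plain text, and fails with l= once the body is base64-encoded, because the footer is no longer a plain suffix of the signed bytes.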
