On Sat, Dec 4, 2021 at 4:51 PM Dave Crocker <dcroc...@gmail.com> wrote:
> I'm going to suggest that that analysis is not formally correct.
>
> The DKIM specification precisely defines validation for the signature
> and it precisely defines what coverage is 'required'.
>
> A receiver can indeed choose to apply stricter requirements, but a
> failure to satisfy these is NOT a DKIM fail. The extra requirements are
> outside the scope of the DKIM specification and therefore the failure
> has nothing to do with the standard.
>
> This is not a minor point, but it does seem to be a common point of
> confusion.
>

Right, I stand corrected. The distinction is actually in the definition of
Authentication-Results, where a DKIM "pass" can be reported as a "policy"
result rather than a "pass" when the algorithm completed successfully but
some aspect of the signature was not acceptable to the verifier.

-MSK
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
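An added example, not part of the thread or of any participant's message: a small reader for Authentication-Results values that keeps `dkim=policy` separate from `dkim=fail`, the distinction discussed above. The sample headers, hosts, domains and reason text are constructed, and the parser assumes quoted strings contain no `;` or parentheses.

```python
import re

# dkim result keywords from RFC 8601, section 2.7.1
DKIM_RESULTS = {"none", "pass", "fail", "policy", "neutral", "temperror", "permerror"}

# Constructed sample header values; hosts, domains and reason text are made up.
SAMPLES = [
    "mx.example.net; dkim=pass header.d=example.com header.s=sel1",
    'mx.example.net; dkim=policy reason="key shorter than local minimum" '
    "header.d=example.com header.s=old; spf=pass smtp.mailfrom=example.com",
    "mx.example.net; dkim=fail (body hash did not verify) header.d=example.com",
]

def strip_comments(value):
    """Remove RFC 5322 (comments), innermost first so nested ones go too."""
    prev = None
    while prev != value:
        prev, value = value, re.sub(r"\([^()]*\)", " ", value)
    return value

def dkim_results(header_value):
    """Return one dict per dkim resinfo in an Authentication-Results value."""
    found = []
    # The first ';'-separated element is the authserv-id; the rest are resinfo.
    for resinfo in strip_comments(header_value).split(";")[1:]:
        m = re.match(r"\s*dkim\s*=\s*([a-z]+)", resinfo, re.I)
        if not m or m.group(1).lower() not in DKIM_RESULTS:
            continue  # spf=, dmarc=, or an unknown keyword
        pairs = re.findall(r"\b(header\.[a-z])\s*=\s*(\S+)", resinfo, re.I)
        props = {k.lower(): v for k, v in pairs}
        reason = re.search(r'\breason\s*=\s*(?:"([^"]*)"|(\S+))', resinfo, re.I)
        found.append({
            "result": m.group(1).lower(),
            "domain": props.get("header.d"),
            "reason": (reason.group(1) or reason.group(2)) if reason else None,
        })
    return found

def explain(result):
    """Say what the keyword reports about the DKIM algorithm itself."""
    if result == "pass":
        return "signature verified and accepted"
    if result == "policy":
        return "signature verified, but not acceptable to this verifier"
    if result == "fail":
        return "signature did not verify"
    return "no verification verdict"

if __name__ == "__main__":
    for header in SAMPLES:
        for entry in dkim_results(header):
            print(entry["domain"], entry["result"], "->", explain(entry["result"]))
```
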