On Fri 21/Oct/2022 00:53:56 +0200 Douglas Foster wrote:
Aligned DKIM PASS
When an aligned DKIM result is PASS, I don't see that the domain owner needs
any more data collection performed. The verifiable DKIM scope ID should tell
him where the message originated, and the source IP and HELO name tell the last
place it landed before delivery. I cannot see why a domain owner would spend
a lot of time trying to analyze success results, unless his interests have
transitioned from assuring identity to analyzing marketing impacts. We are
not trying to provide marketing data, and any successful use of DMARC for that
purpose seems like an encroachment on the privacy concerns that we want to
minimize.
Non-aligned signatures can be meaningful for various reasons. In that case,
the result of their evaluation is also meaningful. For an example, the
original author's domain signature, before From: was munged, is meaningful. If
it fails, it can be retried after undoing MLM transformation, possibly leading
to secure recognition of the true author. Is that worth its carbon footprint?
And for scope, one may wonder whether the recognized, or failed to be securely
recognized original author's domain deserves a copy of the report. People
prone to set p=quarantine; pct=0 in order to avoid receiving "errors" would
clearly dislike a copy of the report. Others may want it, in order to tune
their DKIM signing configuration.
Duplicates:
If an aligned domain has multiple DKIM signatures and one passes, I suggest
that the PASS is the only one that needs to be reported. If an aligned domain
has multiple DKIM signatures and none pass, I suggest that the first one found
(from the top) is the most important, because it is the last one applied. If
duplicates are reported, disaggregation is increased, so why report data that
is not useful?
Currently, putting 2 signatures, one rsa and one ed25519, is the way to monitor
who supports the latter.
Best
Ale
--
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc