Murray raised the issue of a signature which produces PASS, but lacks trust
because it is constructed with weak coverage, such as omitting the Subject
or including an L=value clause.

DKIM was designed to be flexible so that it could be used for many
purposes. DMARC is a specific purpose and therefore it needs a more
specific definition of what a signature should and should not contain. I
am proposing that we ensure that all signatures used for DMARC follow a
content standard so that all compliant signatures are equally trustworthy.

For DMARC, an aligned DKIM PASS should preserve the originator's content,
identity, and disposition instructions. Any header that might
legitimately be added or removed by a downstream MTA should not be included
in the original DKIM signature, as these are likely to produce false DKIM
FAIL.

Here is a first-pass list of headers that meet these objectives:

Date
To
From
Subject
Body (absence of L=value)
Reply-To
In-Reply-To
Authenticated-As


Doug Foster
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc

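As an added illustration (not code from the post or from any DMARC implementation), here is a Python check that parses a DKIM-Signature tag list and reports where a signature that would PASS still falls short of the coverage proposed above. The two sample signatures are constructed, and treating Authenticated-As as required simply follows the first-pass list in the post.

```python
import re

# Headers the post's first-pass list says an aligned DMARC signature should cover.
# "Body" is expressed by the absence of an l= tag, not by an h= entry.
REQUIRED_HEADERS = ("date", "to", "from", "subject",
                    "reply-to", "in-reply-to", "authenticated-as")

# Constructed sample signatures (bh= and b= values are placeholders, not real hashes).
WEAK_SIG = ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=sel;"
            " l=0; h=from:to:date; bh=PLACEHOLDER=; b=PLACEHOLDER=")
STRONG_SIG = ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=sel;"
              " h=date:to:from:subject:reply-to:in-reply-to:authenticated-as;"
              " bh=PLACEHOLDER=; b=PLACEHOLDER=")


def parse_dkim_tags(sig_value: str) -> dict:
    """Split a DKIM-Signature field value into its tag=value pairs.

    Tags are ';'-separated and the first '=' separates name from value, so
    base64 padding in b= survives. Folding whitespace inside values is dropped,
    which the tag syntax permits.
    """
    tags = {}
    for part in sig_value.split(";"):
        if "=" not in part:
            continue
        name, value = part.split("=", 1)
        tags[name.strip().lower()] = re.sub(r"\s+", "", value)
    return tags


def coverage_problems(sig_value: str) -> list:
    """Return the reasons a signature lacks the coverage the proposal asks for.

    An empty list means every required header is signed and the body is
    signed in full (no l= tag).
    """
    tags = parse_dkim_tags(sig_value)
    signed = {h.lower() for h in tags.get("h", "").split(":") if h}
    problems = [f"h= does not cover {hdr}" for hdr in REQUIRED_HEADERS
                if hdr not in signed]
    if "l" in tags:
        problems.append(f"l={tags['l']} limits body coverage")
    return problems


if __name__ == "__main__":
    for label, sig in (("weak", WEAK_SIG), ("strong", STRONG_SIG)):
        print(label, coverage_problems(sig) or "full coverage")
```

A verifier applying this check would still compute the cryptographic PASS first; this only decides whether a PASS is trustworthy enough to count for DMARC alignment.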