On Fri 09/Jun/2023 11:14:29 +0200 Barry Leiba wrote:
One case I saw multiple times where DKIM fails while SPF verifies is when the
message contains a line starting with "from " which some agent changes to
">from ". Some signing software eliminates such lines before signing, but
that's not in the spec, so one cannot say a signer is defective if it doesn't
do it.
Have you seen that happen in the MTA relay process (in transit), or
only after final delivery? I can see that an MDA or a recipient MUA
might do that, but it should *not* happen in transit, so it shouldn't
affect DMARC processing. Do you have actual examples where an MTA is
making that change and breaking the DKIM sig?
I recall it was a problem, which is why I coded the replacement (I add a space,
not a '>'). In the early years, DKIM suffered mime-autoconversions that many
MTA were applying just for fun. And there were some other corner cases that
now defeat my recollection.
Anyway, having a second string at one's bow is not a defect, unless it's set up
in a defective way. But also DKIM can be misconfigured, which is not a good
reason to eliminate it. Having both increases the chances of success.
Best
Ale
--
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
