I'm not sure I follow; SPF being a given and assuming a mail list domain
is at p=reject, lists that do header from munging for participants at
p=quarantine/reject policy should still sign their own valid*aligned
*DKIM signature to pass DMARC for the mail list domain.
The intended purpose of the section seems pretty clear to me (barring
the suggestion I raised for clarification), if you publish a strict
DMARC policy, one also wants to sign valid, aligned DKIM as well to pass
DMARC.
- Mark Alley
On 1/9/2024 7:07 AM, Benny Pedersen wrote:
Alessandro Vesely skrev den 2024-01-09 12:35:
On 02/01/2024 21:47, Mark Alley wrote:
Actually, thinking about it some more, simply inserting the word
"aligned" between "valid" and "DKIM" would address it.
"/It is therefore critical that domains that publish p=reject *MUST
NOT* rely solely on SPF to secure a DMARC pass, and *MUST *apply
valid *aligned *DKIM signatures to their messages./"
+1, non-aligned signatures don't help DMARC.
question to you is, why should maillists be aligned ?
fix is NOT srs !
dkim spec should not allow reject of failed dkim, this is a job for
dmarc, but this have to be solved first
all else live in good intention :)
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
