On Mon 15/Jan/2024 20:49:35 +0100 John Levine wrote:
It appears that Scott Kitterman <skl...@kitterman.com> said:
I don't think that's sensible at all. It's not the place of a signing filter
to modify the message.
A signing filter, as part of an MSA _has to_ modify the message in order to
enhance the possibility that it is transmitted correctly. Besides usual
changes belonging to the core MSA, such as setting Date:, a signing filter
shall take care of signature breaking cases, such as lines beginning with "from ".
I think it would be reasonable to either add a signature for each from
domain or to decline to sign it at all, but since DKIM doesn't care about
from domain at all, I think it would be up to whatever calls the signing
filter to specify.
Not signing and/or leaving a multi-valued From: as is certainly is not a good
service for the users, if they meant their message to be delivered.
Some receivers reject messages with multi-valued From: —after DMARC. OTOH,
MUAs allow it, rightly following the RFCs. What's the way out?
I agree but I'd be more inclined to say don't sign at all, since
multi-valued From headers are rare and as likely as not to be a
mistake.
A use case is when submitting co-authored articles or notes. Yes, it is rare
to type a message four hands, but it can happen, and banning the possibility to
correctly identify the authors is harsh.
Thinking twice, saving the original multi-value to Author: is not enough to
have replies reach every author. Better also use Reply-To:.
Best
Ale
--
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc