On 2/17/23 9:34 AM, Scott Kitterman wrote:
> Currently RFC 6376 says, "Signatures MAY be considered invalid". I think the practical effect as described in protocol terms would be to change the MAY to SHOULD under X conditions and SHOULD NOT under !X conditions. Not that I'd expect to see this appear in a protocol document (maybe some kind of applicability statement). It does create a circumstance where indirect mail flows look inherently less good (since they take longer), which I don't like. On the other hand, if X is set more than a minute or so in the future, mostly what is affected is mail that is delayed in transit, direct or indirect and maybe that's okay.

I think that the bulk senders who would be dialing down x= are not particularly worried about being sent through mailing lists.

Which brings up another question which is applicable to the problem statement: are mailbox providers like Gmail, Hotmail, etc. getting abused from these replays? Some spam from [email protected] doesn't seem like a very good address from arriving spam. For that matter, do bulk senders even allow their domain to be the From domain? It seems like a pretty easy way to not affect their reputation is to require that the mail be sent in the name of somebody else's domain.

Mike

_______________________________________________
Ietf-dkim mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ietf-dkim
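
The trade-off discussed in this message, as an added example that is not part of the original thread: a verifier-side check of the DKIM `x=` tag showing how a short expiration passes a prompt delivery but fails the same signature after a delay. The function names, the `skew` parameter, the verdict strings and the sample header are assumptions constructed for illustration.

```python
import re

# Constructed sample signature: x= is 300 seconds after t=. bh=/b= are placeholders.
SAMPLE_SIG = ("v=1; a=rsa-sha256; d=example.com; s=sel1;\r\n"
              "\tt=1676650000; x=1676650300; h=from:to:subject;\r\n"
              "\tbh=PLACEHOLDER; b=PLACEHOLDER")

_TIMESTAMP = re.compile(r"[0-9]{1,12}")  # RFC 6376: t= and x= are 1*12DIGIT


def parse_tags(header_value):
    """Split a DKIM-Signature tag-list into {name: value}, trimming folding whitespace."""
    tags = {}
    for part in header_value.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = value.strip()
    return tags


def expiry_verdict(header_value, verify_time, skew=0):
    """Classify the signature's x= tag at verify_time (seconds since the epoch).

    skew is a hypothetical local allowance for clock drift between signer and verifier.
    Returns 'no-expiry', 'valid', 'expired' or 'malformed'.
    """
    tags = parse_tags(header_value)
    if "x" not in tags:
        return "no-expiry"          # x= is optional; nothing to enforce
    stamps = [tags["x"]] + ([tags["t"]] if "t" in tags else [])
    if not all(_TIMESTAMP.fullmatch(s) for s in stamps):
        return "malformed"
    expires = int(tags["x"])
    if "t" in tags and expires <= int(tags["t"]):
        return "malformed"          # RFC 6376: x= must be greater than t=
    return "expired" if verify_time > expires + skew else "valid"


def compare_paths(header_value, delays, skew=0):
    """Verdict for each named delivery path, given its delay in seconds after t=."""
    signed_at = int(parse_tags(header_value)["t"])
    return {name: expiry_verdict(header_value, signed_at + delay, skew)
            for name, delay in delays.items()}


if __name__ == "__main__":
    # Constructed delays: a direct hop versus mail held up in transit.
    print(compare_paths(SAMPLE_SIG, {"direct": 20, "delayed": 900}))
```

Whether an `expired` verdict should actually fail the message is the MAY versus SHOULD question raised in the quoted text; the code only reports the comparison.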
