Jesse Thompson wrote in <f0ef5677-9ccd-44c9-b6d4-858d53d36...@app.fastmail.com>: |Just a quick clarification: | |You mentioned below that you didn't understand what ESP meant. I honestly \ |have a hard time unraveling the nuanced differences of Email Sending \ |Provider and MTAs, MSAs, MDAs, MTAs, "intermediary" and "forwarder"; \ |all of which an ESP could be providing as a service, depending on the \ |lens one looks at it.
Sure, why not. |On Sat, Aug 12, 2023, at 2:31 PM, Steffen Nurpmeso wrote: |> The only remaining option spammers would have is stripping DKIM |> entirely, as you say. | |It's not what I was saying. If DKIM is what is used by ESPs to authentic\ |ate message submissions, and the fallback for non-DKIM signed mail \ |is to allow the submission, then certainly that is something spammers \ |would leverage. That seems like an unlikely scenario since ESPs require \ |other forms of authenticating message submission. | |I was saying that the ESP would need to strip an existing DKIM signature \ |if it is at risk of replay, and apply it's own pre-RCPT signature in \ |its place (or at least add the additional signature if it knows that \ |receivers will take both signatures into consideration and the original \ |signature is not invalidated by the message modification). What the heck are you trying to say. Sorry for that. Why "risk of replay", what shall that be? Pre-RCPT is a typo for per-RCPT? Have you read the proposal? You are fooling around. --steffen | |Der Kragenbaer, The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt) _______________________________________________ Ietf-dkim mailing list Ietf-dkim@ietf.org https://www.ietf.org/mailman/listinfo/ietf-dkim