On Sun, May 19, 2024 at 2:41 PM John Levine <jo...@taugh.com> wrote: > Honestly, I don't know. Of the trickle of mail I see with l=, most is > from the libertarian Reason blog with l=1 and the rest is from > Verisign who for some reason sign with l= actual length. > > I suspect I could get Verisign's attention. Reason, who knows, as > likely as not they have some political reason they think it's a good > idea.
When this was released on Friday, I found the worst offenders I could from own spamtrap feed, and correlated most of it to a specific email service provider. I contacted people there on Friday and they tell me that they are releasing a fix today (Monday). I'm light on details and certainly can't take credit for driving this change, but yes, I think it would be good for folks to get the attention of affected email sending platforms as much as possible, directly if possible. > >But there are already major mail receivers who treat any DKIM signature > >containing l= to be invalid. > > That will definitely get their attention. I think that will convert the problem into one that email marketing senders will understand a little more easily. Oops, why are you treating my DKIM-signed messages as though they are not signed? I hear whispers of more mailbox providers moving to act similarly. I think that will help significantly. Removing l= from the RFC still seems like a good thing, so that it will catch up to the operational reality that large/savvy MBPs will already be invalidating signatures containing l=, while driving the point home for smaller providers or those who may be more of a stickler about RFCs. Cheers, Al Iverson -- Al Iverson // 312-725-0130 // Chicago http://www.spamresource.com // Deliverability http://www.aliverson.com // All about me https://xnnd.com/calendar // Book my calendar _______________________________________________ Ietf-dkim mailing list -- ietf-dkim@ietf.org To unsubscribe send an email to ietf-dkim-le...@ietf.org
