Yes, that is a limitation. However, that's a DMARC problem, not a DKIM problem. (Also, arguably not a huge problem, but again, that discussion is probably more appropriate for the DMARC list, and is not relevant to the DKIM discussion here).
- Phillip > On Aug 22, 2025, at 12:07 AM, John R. Levine <[email protected]> wrote: > > On Thu, 21 Aug 2025, Murray S. Kucherawy wrote: >>> However, we've found that there are other policy decisions we want to >>> apply to messages based on DKIM/DMARC status. For technical, security, and >>> liability reasons, simply getting the DKIM/DMARC status from the >>> Authentication-Results is not sufficient for this. >> >> Can you explain why? This is exactly what A-R was made to do. > > It also occurs to me that the MUA can't directly check the SPF result because > it doesn't know what IP the message was sent from. It could look at the > Received haders, but if it's going to believe them, why wouldn't it also > believe the A-R? > > R's, > John _______________________________________________ Ietf-dkim mailing list -- [email protected] To unsubscribe send an email to [email protected]
