On Fri, 29 Aug 2025, Phillip Tao wrote:
Now, you could say that the MUA also has no way to know whether the mail provider correctly implements sending or receiving either, but I would argue that the difference is that those are core functions that have been defined and widely implemented for decades longer than either the DKIM or A-R RFCs have existed. As I'm sure you know, there is a very long tail of MTAs out in the wild. It's not unreasonable to imagine that there's a sizable portion of those which have not yet adopted DKIM or A-R headers.
Since it's basically impossible to get mail into Yahoo without a DKIM signature, and pretty hard into Google or Outlook, I would be surprised if there was an interesting amount of unsigned mail. Perhaps we can ask people we know at large providers what they see. How much do you see at iCloud?
There are millions of VPS with preinstalled MTAs that don't have any authentication configured, but since they send close to no mail, I don't see why we would care.
Regards, John Levine, [email protected], Primary Perpetrator of "The Internet for Dummies", Please consider the environment before reading this e-mail. https://jl.ly _______________________________________________ Ietf-dkim mailing list -- [email protected] To unsubscribe send an email to [email protected]
