It appears that Inveigle.net <[email protected]> said: >On 23/09/2025 1:36 pm, John Levine wrote: >> Or if you really want the MUA to be able to check the signature, something >> that >> people keep claiming is useful but I have not seen in practice, the MDA adds >> another signature describing what it did. > >We claim it's useful because it is.
Right, people keep saying that. >Client-side, the DKIM-Signature is the most expedient method to identify >malicious content. This says your mail provider's filtering doesn't work. My MDA looks for malicious mail and doesn't put it into the inbox. R's, John PS: >abuse complaints to, with absolute certainty of origin. I also use this >information for legal purposes, including the full subset of DKIM-signed >headers in copies of e-mails supplied as supporting evidence. A header >describing what the MDA did is not a substitute that will withstand >scrutiny. Having done my share of expert witness work, this makes no sense. If you don't trust the MDA's signature, you're not going to trust any of the other signatures, either. _______________________________________________ Ietf-dkim mailing list -- [email protected] To unsubscribe send an email to [email protected]
