On 24/09/2025 3:33 am, John Levine wrote:
> > abuse complaints to, with absolute certainty of origin. I also use this
> > information for legal purposes, including the full subset of DKIM-signed
> > headers in copies of e-mails supplied as supporting evidence. A header
> > describing what the MDA did is not a substitute that will withstand
> > scrutiny.
>
> Having done my share of expert witness work, this makes no sense. If you
> don't trust the MDA's signature, you're not going to trust any of the
> other signatures, either.

There is a vast gap between what you choose to trust and what is and
remains cryptographically verifiable.

Clayton et al. did not appear to mandate requirements for MDAs. After
further review, however, I note they bundled that functionality under
"Forwarders", so technically there should be a valid signature available
for client-side evaluation. DKIM1 signatures are normally not added by MDAs,
so if there is any value in the MDA signing the message at all, then the
same must be true for an MTA performing client-side verification as it's
evaluating the same information.

It's incorrect to say the MDA's filtering doesn't work; mine is 100%
effective at performing its intended task - delivering e-mail. The fact
that I choose to perform validation differently does not make it wrong.

Regards,
R. Latimer
Inveigle.net