According to Jeremy Harris <[email protected]>: >On 2025/09/22 10:51 PM, Bron Gondwana wrote: >> Current thinking is that DKIM2 will sign EVERY HEADER except a specified set >> of trace headers, meaning that even adding another previously unknown header >> without >declaring that you did so in a signed delta header would break the signature. > >So, an MRA (even if it successfully does a DKIM2 verification on reception) >that >adds some private tracking headers will result in a stored message that fails >DKIM2 checking done by an MUA?
One possible hack is that X- headers are skipped. Or if you really want the MUA to be able to check the signature, something that people keep claiming is useful but I have not seen in practice, the MDA adds another signature describing what it did. R's, John -- Regards, John Levine, [email protected], Primary Perpetrator of "The Internet for Dummies", Please consider the environment before reading this e-mail. https://jl.ly _______________________________________________ Ietf-dkim mailing list -- [email protected] To unsubscribe send an email to [email protected]
