>It appears that Richard Clayton <[email protected]> said:
>>>> 4 repeat until you get back to the original state of the message or a
>>>> "z" recipe tells you that you need to unconditionally trust
>>>> someone... they presumably have placed an Authentication-Results
>>>> header field into the message and you have to use that for your DMARC
>>>> and/or reputation calculations.
>>>
>>>I guess in this case A-R has to be signed? What handling is suggested
>>>in such a "z" case if you _don't_ trust the modifier?
>>
>>if you don't trust someone who modifies a message then I think you
>>should refuse to accept the message.
>The idea of the "z" tag is that it's for filtering front ends like Proofpoint
>and Mimecast that rewrite URLs and strip attachments. They would only be doing
>that to mail sent to recipients who are paying them to do it.
>This does mean that remailing such a message back out won't work with DKIM2
>but I haven't seen a lot of mail like that. The rewrites tend to appear in
>replies or forwards that are new messages so they're OK.

I speak as someone designing/implementing/running such a filtering system.

Yes, those kinds of modifications (URL rewrites, attachment removal) are generally done on inbound processing shortly before delivery to the recipient's mail system. It certainly does happen in some situations that the recipient's mail system can forward the original email, rather than creating a new email including the original content.

Question: I guess it is up to the filtering intermediary's discretion whether it uses z= rather than spell out recipes for the modifications made, accepting the trade-offs? For example the filtering intermediary might use z= if the original has known malicious content that it wants to remove all trace of, versus an email that it can establish is not malicious, in which case it would be useful for the forwarded recipient to have the recipes for reconstruction?

New to this thread so apologies if I am reopening old wounds.

John

Sophos Ltd, a company registered in England and Wales, number 2096520, The Pentagon, Abingdon Science Park, Abingdon, OX14 3YP, United Kingdom
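The handling discussed in this thread (undo each hop's recipe until the original state is recovered; at a "z" recipe, rely on a trusted modifier's Authentication-Results or refuse the message), modelled as an added example that is not part of any message above and is not DKIM2 syntax. `Hop`, `evaluate`, the domains and the message text are hypothetical, and verification of each hop's signature is assumed to have been done already.

```python
import hashlib
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass
class Hop:  # hypothetical model of one modifying hop, not DKIM2 syntax
    signer: str                                  # domain that signed this hop
    undo: Optional[Callable[[str], str]] = None  # stands in for a reversible recipe
    opaque: bool = False                         # stands in for a "z" recipe
    auth_results: Optional[str] = None           # A-R the signer recorded on receipt

def digest(body: str) -> str:
    return hashlib.sha256(body.encode()).hexdigest()

def evaluate(body, hops, original_digest, trusted):
    """Walk hops newest-first; return (verdict, basis for DMARC/reputation)."""
    for hop in reversed(hops):
        if hop.opaque:
            # Nothing earlier can be reconstructed, so the decision rests
            # entirely on whether this modifier is trusted.
            if hop.signer not in trusted:
                return ("reject", "untrusted modifier: " + hop.signer)
            if not hop.auth_results:
                return ("reject", "no Authentication-Results from " + hop.signer)
            return ("accept", hop.auth_results)
        if hop.undo:
            body = hop.undo(body)
    if digest(body) == original_digest:
        return ("accept", "original state recovered")
    return ("reject", "original state not recovered")

# Constructed sample data: a list appends a footer, then a filter rewrites a URL.
ORIGINAL = "See https://sender.example/report\n"
FOOTER = "-- \nlist footer\n"

def strip_footer(body: str) -> str:
    return body[:-len(FOOTER)] if body.endswith(FOOTER) else body

LIST_HOP = Hop("list.example", undo=strip_footer)
FILTER_HOP = Hop("filter.example", opaque=True,
                 auth_results="filter.example; dmarc=pass header.from=sender.example")
REWRITTEN = "See https://filter.example/rewritten\n" + FOOTER

if __name__ == "__main__":
    d = digest(ORIGINAL)
    print(evaluate(ORIGINAL + FOOTER, [LIST_HOP], d, set()))
    print(evaluate(REWRITTEN, [LIST_HOP, FILTER_HOP], d, {"filter.example"}))
    print(evaluate(REWRITTEN, [LIST_HOP, FILTER_HOP], d, set()))
```

The third call is the remailing case raised in the thread: a downstream receiver that does not list the filter as trusted cannot get past the opaque hop and refuses the message.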
