(dropping DMARC again) On Wed, Nov 16, 2016 at 9:51 PM, Michael Storz <michael.st...@lrz.de> wrote:
> Version 01 is purely incremental, meaning you can just ignore the new >> tags if you're more worried about breakage of forwarding than the >> attack it's trying to address. >> > > Optional for the sender, yes, but not for the receiving MTA. If the sender > decides to use the new Anti-Replay-DKIM-Signature and has published a DMARC > policy with reject or quarantine, then this policy is implicitly extended > with > "ooh, and btw reject/quarantine ALL indirect emails, even if a normal DKIM > signature could be verified" > That's not correct. The verifying MTA, if it doesn't know the new tags, is unaffected by the new tags because RFC6376 directs the verifier to ignore them. It's as if they weren't there. -MSK
_______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
