If it's a mailing list, the traffic is not simply passing thru. Since the message is being modified, the signature should at the very least be deactivated.
Or, as we're seeing, into the Junk it goes.

Aloha,
Michael.
--
Sent from my Windows Phone

________________________________
From: John R Levine<mailto:jo...@taugh.com>
Sent: 2/4/2016 5:51 PM
To: Michael Wise<mailto:michael.w...@microsoft.com>
Cc: mailop@mailop.org<mailto:mailop@mailop.org>
Subject: RE: [mailop] Gmail throttles anyway

> If you're going to do something that will break the DKIM signature as a
> matter of course,
> You should remove the DKIM signature, and maybe re-sign it with your own.
>
> You shouldn't break the signature and then forward what was once goodmail
> with a now busted signature.

Au contraire. You should always preserve all the signatures to make it easier to figure out what happened if there's some sort of trouble down the line.

Since the spec says that there is no difference in message handling for a broken signature and one that's not there, could you be more specific about why you think it's important to make forensics harder?

Signed,
Confused

PS: See RFC 6376, section 6.1:

   Survivability of signatures after transit is not guaranteed, and
   signatures can fail to verify through no fault of the Signer.
   Therefore, a Verifier SHOULD NOT treat a message that has one or more
   bad signatures and no good signatures differently from a message with
   no signature at all.

   ...

   In the following description, text reading "return status
   (explanation)" (where "status" is one of "PERMFAIL" or "TEMPFAIL")
   means that the Verifier MUST immediately cease processing that
   signature.  The Verifier SHOULD proceed to the next signature, if one
   is present, and completely ignore the bad signature.
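Added example, not part of the thread and not any poster's code: a Python sketch of why a list footer breaks the author's DKIM body hash, and how the RFC 6376 section 6.1 rule quoted above classifies the result whether the broken signature is kept, stripped, or kept alongside a list re-signature. The function names, the sample body and the footer are constructed for illustration, and only the bh= body-hash step with relaxed canonicalization is modelled (no b= signature or DNS key lookup).

```python
import base64
import hashlib
import re

def relaxed_body(body: bytes) -> bytes:
    """RFC 6376 section 3.4.4 'relaxed' body canonicalization."""
    lines = body.replace(b"\r\n", b"\n").split(b"\n")
    # Collapse runs of space/tab to one space, then drop whitespace at line end.
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":      # ignore empty lines at end of body
        lines.pop()
    return b"".join(ln + b"\r\n" for ln in lines)

def body_hash(body: bytes) -> str:
    """Value a signer using sha256 would put in the bh= tag."""
    return base64.b64encode(hashlib.sha256(relaxed_body(body)).digest()).decode()

def signature_status(bh_tag: str, received_body: bytes) -> str:
    """Body-hash step only; a full verifier also checks b= against the key in DNS."""
    if bh_tag == body_hash(received_body):
        return "pass"
    return "PERMFAIL (body hash did not verify)"

def handling_class(statuses) -> str:
    """Section 6.1: bad signatures are ignored; only a good one changes handling."""
    return "signed" if "pass" in statuses else "unsigned"

# Constructed sample message body and list footer (not taken from the thread).
ORIGINAL = b"Hello list,\r\n\r\nGmail is throttling us again.\r\n"
FOOTER = b"_______________\r\nexample-list mailing list\r\n"
AUTHOR_BH = body_hash(ORIGINAL)            # what the author's domain signed

def demo():
    relayed = ORIGINAL + FOOTER            # list appends its footer
    author_sig = signature_status(AUTHOR_BH, relayed)
    list_sig = signature_status(body_hash(relayed), relayed)  # list re-signs
    return {
        "untouched": signature_status(AUTHOR_BH, ORIGINAL + b"\r\n\r\n"),
        "author_after_footer": author_sig,
        "kept_broken_only": handling_class([author_sig]),
        "stripped": handling_class([]),
        "kept_plus_resigned": handling_class([author_sig, list_sig]),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Under this model a kept-but-broken signature and a stripped one land in the same handling class, while the header itself remains available for later troubleshooting.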