Are there any negative consequences to consider before excluding message-id
from our signature?

I'm working towards p=reject on bombbomb.com and found that Securence /
usinternet.com (a forwarder) gets a measurable percentage of our mail and
modifies the message-id in the process. This breaks our DKIM signature and
causes DMARC to fail at the destination. Working directly with them, I've
learned that they're unable to preserve the signed message-id.

RFC4871 says it "SHOULD be included", but it is not required. RFC6376 adds, which
is the part that has me concerned, that:

    Verifiers may treat unsigned header fields with extreme
    skepticism, including refusing to display them to the end user or
    even ignoring the signature if it does not cover certain header
    fields.

Thanks!
_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

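Added example, not part of the original post: a simplified Python sketch of why a rewritten Message-ID invalidates a signature whose h= tag lists message-id, using RFC 6376 relaxed header canonicalization. The sample headers, the h= lists and the forwarder's replacement value are constructed, and the DKIM-Signature field and the key operation are left out, so it compares only the data that would be signed.

```python
import hashlib
import re

def relaxed_header(name, value):
    """RFC 6376 section 3.4.2 relaxed canonicalization of one header field."""
    value = re.sub(r"\r\n(?=[ \t])", "", value)    # unfold continuation lines
    value = re.sub(r"[ \t]+", " ", value).strip()  # collapse and trim whitespace
    return f"{name.lower()}:{value}\r\n"

def signed_header_digest(headers, h_tag):
    """SHA-256 over the canonicalized fields named in h=, in h= order.

    Simplified: a real signer also appends the DKIM-Signature field itself
    (with b= empty) and signs the result with its private key.
    """
    remaining = list(headers)
    data = ""
    for wanted in (n.strip().lower() for n in h_tag.split(":")):
        # Repeated names in h= select instances from the bottom of the header up.
        for i in range(len(remaining) - 1, -1, -1):
            if remaining[i][0].lower() == wanted:
                name, value = remaining.pop(i)
                data += relaxed_header(name, value)
                break
    return hashlib.sha256(data.encode("ascii")).hexdigest()

def survives_rewrite(original, forwarded, h_tag):
    """True if the signed header data is identical before and after forwarding."""
    return signed_header_digest(original, h_tag) == signed_header_digest(forwarded, h_tag)

# Constructed sample headers (not taken from real mail).
ORIGINAL = [
    ("From", "Sender <sender@example.com>"),
    ("To", "rcpt@example.net"),
    ("Subject", "Quarterly   report"),
    ("Date", "Mon, 01 Jan 2024 10:00:00 +0000"),
    ("Message-ID", "<abc123@mail.example.com>"),
]
# Same message after a hypothetical forwarder replaced the Message-ID.
FORWARDED = [(n, "<rewritten-1@forwarder.example>" if n == "Message-ID" else v)
             for n, v in ORIGINAL]

WITH_MSGID = "from:to:subject:date:message-id"   # constructed h= lists
WITHOUT_MSGID = "from:to:subject:date"

if __name__ == "__main__":
    print("h= includes message-id:", survives_rewrite(ORIGINAL, FORWARDED, WITH_MSGID))
    print("h= omits message-id:   ", survives_rewrite(ORIGINAL, FORWARDED, WITHOUT_MSGID))
```

With message-id left out of h=, the signed data no longer depends on that field, which also means a verifier cannot tell from the signature whether the field was changed.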