Thanks, Vick. I'm curious, what initially lead you to exclude the message-id from your signature?
On Fri, May 27, 2016 at 5:55 AM, Vick Khera <vi...@khera.org> wrote: > Hi Joel, > > I don't sign my message-id. In fact, I let my MTA create the Message-ID > header and I sign before that in my application. Never been an issue. > > > On Thu, May 26, 2016 at 4:25 PM, Joel Beckham <j...@bombbomb.com> wrote: > >> Are there any negative consequences to consider before excluding >> message-id from our signature? >> >> I'm working towards p=reject on bombbomb.com and found that Securence / >> usinternet.com (A forwarder) gets a measurable percentage of our mail >> and modifies the message-id in the process. This breaks our DKIM signature >> and causes DMARC to fail at the destination. Working directly with them, >> I've learned that they're unable to preserve the signed message-id. >> >> RFC4871 says it "SHOULD be included", but not required. RFC6376 adds, >> which is the part that has me concerned, that: >> >> Verifiers may treat unsigned header fields with extreme >> skepticism, including refusing to display them to the end user or >> even ignoring the signature if it does not cover certain header >> fields. >> >> Thanks! >> >> _______________________________________________ >> mailop mailing list >> mailop@mailop.org >> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop >> >> > -- JOEL BECKHAM Scalability Architect [image: BombBomb | Face to Face with more people, more often] W: BombBomb.com <http://www.bombbomb.com/> [image: BombBomb | Face to Face with more people, more often]
_______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
