In article <cabxlfbsyt6lggtzqkyvmr2eh4x2dtbnfq22n1oityeaccex...@mail.gmail.com> you write: >Here's the headers they're signing: h=to:cc:from:subject:reply-to:Date > >The forensic data samples I have show that a number of the messages that >fail seem to have injected different reply-to addresses, some of which >clearly belong to mailing lists. I suspect what's happened is that >researchers have subscribed their research group mailing lists to updates >on specific topics from the government database, and this is changing the >message in transit and breaking DKIM and DMARC.
I wouldn't sign Reply-To, since it's frequently rewritten by mailing lists. As Dave pointed out, DKIM doesn't protect your message, it just asserts that the message the recipient sees is more or less the same as the one that got signed. Personally, I wouldn't think a changed reply-to would make it a different message. R's, John _______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop