On 20.09.2023 at 04:53 Bill Cole via mailop wrote: > Putting anything other than a single space between the header name and > content is a form of malicious compliance...
>> This change breaks the original sender's c=simple/simple DKIM >> signature. > Yes, I'm sure it does. > Using simple/simple canonicalization is not for people who want robust DKIM > signatures. The relaxed canonicalization of DKIM would fix this particular issue, but relaxed means both the signer and the verifier have to apply modifications to the content before signing/verifying, which might introduce new bugs or edge cases. Therefore I consider the DKIM relaxed mode only a workaround, while the actual solution is that MTAs should not modify messages in transit. If a MTA has not created the message, it should either accept it as is or reject it, if it considers the message to be syntactically broken or a problem for its users. Yesterdays discussion about "Google - Messages with multiple addresses in From: header are not accepted" is a good example in my opinion: The message had an extra whitespace where none belonged, so it is perfectly acceptable to tell the sender that their message is broken and reject it, although from a human perspective it would be trivial to "fix" the message. Someone at Microsoft has blogged about this several years ago https://learn.microsoft.com/de-de/archive/blogs/tzink/why-does-my-email-from-facebook-that-i-forward-from-my-outlook-com-account-get-rejected, but their solution seems not to reduce the changes which are being applied to messages, but to introduce an even larger ruleset about which modification is applied in which situations. So cases of broken signatures will probably accompany us in the future. -- BR Oliver ________________________________ dmTECH GmbH Am dm-Platz 1, 76227 Karlsruhe * Postfach 10 02 34, 76232 Karlsruhe Telefon 0721 5592-2500 Telefax 0721 5592-2777 dmt...@dm.de<mailto:dmt...@dm.de> * www.dmTECH.de<http://www.dmtech.de> GmbH: Sitz Karlsruhe, Registergericht Mannheim, HRB 104927 Geschäftsführer: Christoph Werner, Martin Dallmeier, Roman Melcher ________________________________ Datenschutzrechtliche Informationen Wenn Sie mit uns in Kontakt treten, beispielsweise wenn Sie an unser ServiceCenter Fragen haben, bei uns einkaufen oder unser dialogicum in Karlsruhe besuchen, mit uns in einer geschäftlichen Verbindung stehen oder sich bei uns bewerben, verarbeiten wir personenbezogene Daten. Informationen unter anderem zu den konkreten Datenverarbeitungen, Löschfristen, Ihren Rechten sowie die Kontaktdaten unserer Datenschutzbeauftragten finden Sie hier<https://www.dm.de/datenschutzerklaerung-kommunikation-mit-externen-493832>. _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
