I dont know this is that new with regard to DMARC. missing citation: https://www.usenix.org/system/files/sec20-chen-jianjun.pdf
It is, however, the first time someone tries to combine with BIMI. Every a few months we see a paper / blogpost that passes SPF / DKIM / DMARC. So maybe requiring both SPF and DKIM for BIMI would be a good idea. On Fri, May 17, 2024 at 3:14 PM Taavi Eomäe via mailop <mailop@mailop.org> wrote: > On 17/05/2024 18:37, Slavko via mailop wrote: > > I didn't get what is **new** in it, nor how length of RSA keys is related... > > Turning the original content into a comment seemed novel to us, should in > theory yield better forgeries than just adding new boundaries. Gmail's > "show original" also seems to hide such comments for some reason (making it > extra nasty). > > > The l= DKIM tag was problematic in time of RFC, the Content-Type > constructs core of message, thus have to be (over)signed already. > > As written, it has been known for a while. But given how prevalent it > really is and how it has opened up new avenues of abuse, we felt it was > time to call for some action once again. > > > Best Regards > _______________________________________________ > mailop mailing list > mailop@mailop.org > https://list.mailop.org/listinfo/mailop > -- Regards, *Enze "**Alex" **Liu* PhD Student Department of Computer Science and Engineering e7...@eng.ucsd.edu University of California, San Diego
_______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop