Yeah, for mailing lists the rewrite + resign method is better, like this
mailing list does, rewrites everything to mailop@mailop.orgAnd then resigns the
mail with their own SPF and DKIM.
-------- Originalmeddelande --------Från: Dave Crocker via mailop
<mailop@mailop.org> Datum: 2024-05-18 20:02 (GMT+01:00) Till:
mailop@mailop.org Ämne: Re: [mailop] (Mis)use of DKIMs length tag and its
impact on DMARC and BIMI On 5/17/2024 7:12 AM, Taavi Eomäe via mailop wrote:>
Although some of these dangers have been known for a while (some parts > are
even described in the RFC itself), things like the threat > landscape, our
approach and the extent to which this can be abused > have changed. In our
opinion previously suggested and (rarely) > implemented mitigations do not
reduce these risks sufficiently.>> We hope that with some cooperation from mail
operators improved > defense measures can be implemented to strengthen DKIM for
everyone. As I recall, the original intent was to permit successful use of DKIM
in spite of mailing lists' addition of footer text.I think the view of damage
from DKIM failure and/or abuse was rather more benign than suits today's email
world.It wasn't a great feature at the time and now it is worse than that.Seems
like the right approach is to seek community-wide pressure to deprecate it.
First through operational pressure and then with an update to the spec.d/--
Dave CrockerBrandenburg
InternetWorkingbbiw.netmast:@dcrocker@mastodon.social_______________________________________________mailop
mailing listmailop@mailop.orghttps://list.mailop.org/listinfo/mailop
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
