On 2024-05-18 at 17:12:11 UTC-0400 (Sat, 18 May 2024 21:12:11 +0000)
Gellner, Oliver via mailop <oliver.gell...@dm.de>
is rumored to have said:
On 18.05.2024 at 21:02 Dave Crocker via mailop wrote:
[...]
Seems like the right approach is to seek community-wide pressure to
deprecate it. First through operational pressure and then with an
update to the spec.
I‘m with you on the operational pressure to deprecate the length
attribute, however this requires MTA software that allows you to
differentiate between DKIM signatures with and without l. Is there any
other than the mentioned mailauth, which doesn’t seem to have a
direct MTA integration.
It would be easy enough to write a SpamAssassin rule for this or to make
such a check part of the local config for MIMEDefang or MailMunge (both
of which use arbitrary Perl for their local config.) It could even be
done in a Postfix header_check if you don't ask much subtlety of it.
Changing the existing DKIM specification is probably a big challenge.
Another approach could be to update the wip BIMI specification with a
statement that a DMARC pass must be ignored if it is solely based on
valid DKIM signatures with length attributes. The BIMI specification
already contains such exceptions, like DMARC quarantine policies that
must be ignored if they include a pct value of less than 100, so this
wouldn’t be completely new grounds.
BIMI seems like a very gentle tool for operational pressure.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo@toad.social and many *@billmail.scconsult.com
addresses)
Not Currently Available For Hire
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
