On 12 Feb 2025, at 17:45, Alessandro Vesely via mailop <[email protected]> wrote: > Yet, domains that publish strict DMARC policies should put DKIM signatures in > their messages. If you don't alter the message, the signature remain valid > (except for legacy sendmail changes which break them.)
Which changes are those? There are still systems doing 8-to-7bit Q-P conversion that break DKIM because some sender sends 8-bit mail to a server that doesn’t support 8BITMIME and/or some intermediate MTA autodetects 8-bit on content that hasn’t had it declared and stuffs in the headers that break the sender’s DKIM. It is rare enough that it’s tempting to just ignore the corner cases, but it happens. I wish DKIM had been MIME-encoding-aware so this wasn’t a problem, but the only “fix” seems to be to violate RFC 5321 and “just send 8” when forwarding Cheers, Sabahattin _______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
