> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf Of
> Alessandro Vesely
> Sent: Saturday, January 28, 2012 4:10 AM
> To: [email protected]
> Subject: Re: [marf] r= using localpart
>
> On the other hand, dkim-reporting has an rd= tag that makes such
> flexibility possible. What is the use case where rd= is different than
> d=?

If some intermediary is doing your DKIM work for you, you might want that intermediary to receive failure reports as well. But, then again, you could just as easily alias the failure address from your domain to them; this introduces a hop through your own mail servers, but it actually closes a security issue in that domain X can't fake a signature from domain Y on mail to domain Z and request reports go back to X, thus revealing whether or not Z is doing DKIM verification (if it participates in the reporting).

So maybe the "rd" for DKIM should just become "r=" which, if present and containing any value (as with "t=y"), then do the rest of the protocol using only the signing domain as the possible destination of reports.

-MSK

_______________________________________________
marf mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/marf
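
The two designs compared in the message above, as an added example that is not part of the original post or of the dkim-reporting draft. The function names, the example domains and the sample headers are constructed, and treating a missing rd= as "no report requested" is an assumption.

```python
import re

# Constructed sample: X signs as y.example on mail to Z and names itself in rd=.
FORGED_RD = ("v=1; a=rsa-sha256; d=y.example; s=sel; rd=x.example;\r\n"
             "\tbh=AAAA=; b=BBBB\r\n\tCCCC==")
# The same forgery under the r= flag design: no destination can be named.
FORGED_R = "v=1; a=rsa-sha256; d=Y.example; s=sel; r=y; bh=AAAA=; b=BBBB=="

def parse_tags(value):
    """Parse a DKIM-Signature tag-list into a dict, dropping folding whitespace."""
    tags = {}
    for item in value.split(";"):
        if "=" in item:
            name, val = item.split("=", 1)  # split once: base64 values end in '='
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def report_domain_rd(tags):
    """rd= design: the signer names the report domain (assumed: no rd=, no report)."""
    return tags.get("rd", "").lower() or None

def report_domain_r(tags):
    """r= design from the message: any non-empty r= is a flag; reports go to d= only."""
    if not tags.get("r"):
        return None
    return tags.get("d", "").lower() or None

def goes_off_domain(tags, destination):
    """True when a report would leave the signing domain named in d=."""
    return destination is not None and destination != tags.get("d", "").lower()

if __name__ == "__main__":
    for label, raw, pick in (("rd=", FORGED_RD, report_domain_rd),
                             ("r=", FORGED_R, report_domain_r)):
        tags = parse_tags(raw)
        dest = pick(tags)
        print(label, "report to", dest, "| off-domain:", goes_off_domain(tags, dest))
```

With rd=, the verifier at Z would send its failure report to x.example; with the r= flag, the only possible destination is the domain in d=.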
