On 2017 Feb 12, 08:39, Kiss Gabor (Bitman) wrote:
> > > Further, how does DKIM prove the message wasn't altered? To my knowledge,
> > > SPF proves the message came from a qualified server and DKIM proves the
> > > FQDN is a match.
> >
> > DKIM signs a hash of the canonicalized message body and the set of headers
> > specified in the signature. Modify the body or any of those headers, the
> > signature breaks.
>
> Maybe DKIM verification should ignore list tags in the subject
> if the first attempt was unsuccessful.
> I.e. I could imagine a smarter canonicalization.
It's not so easy, the real world is complicated.

If you tried to do that, how would you do it when checking DKIM for a post
where the sender has used a Subject line like this?:

Subject: [Repost] This is the solution that works

If it is your own personal email server, you could try to whitelist the
mailing list tags you know you are subscribed to, and feed that info to
your DKIM validator. But if you are a big ESP (email service provider),
you have no way to know a priori which mailing lists your users just
decided to subscribe to, and therefore you don't have that info to feed
into your DKIM checking procedure.

Suddenly, you are departing from a clear-cut way to check DKIM and going
to a heuristics-based algorithm to do it. I can see dragons that way...

Regards,

--
Josh Good
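The mechanics the thread argues about, as an added Python example that is not part of this list thread or any DKIM implementation: it applies RFC 6376 relaxed canonicalization to headers and body, signs them, and shows that whitespace changes are absorbed by canonicalization while a list tag prepended to Subject still breaks the signature, with the "strip a tag and retry" heuristic written out so the guess it has to make is visible. The key, the sample message and the HMAC-SHA256 stand-in for the RSA signature are assumptions made so the example runs offline with the standard library.

```python
import hashlib
import hmac
import re

# Constructed key: stands in for the signer's DKIM private key. HMAC-SHA256 is
# used instead of RSA so the example runs with the standard library only.
SIGNING_KEY = b"constructed-demo-key"

def relaxed_header(name, value):
    """RFC 6376 relaxed header canonicalization: lowercase the field name,
    unfold, collapse whitespace runs to one space, trim both ends."""
    value = re.sub(r"\r?\n[ \t]+", " ", value)
    value = re.sub(r"[ \t]+", " ", value).strip()
    return f"{name.lower()}:{value}\r\n"

def relaxed_body(body):
    """Relaxed body canonicalization: trim line ends, collapse inner
    whitespace, drop trailing empty lines, terminate with a single CRLF."""
    lines = [re.sub(r"[ \t]+", " ", ln.rstrip(" \t"))
             for ln in body.replace("\r\n", "\n").split("\n")]
    while lines and lines[-1] == "":
        lines.pop()
    return "\r\n".join(lines) + "\r\n"

def sign(headers, body, signed=("from", "to", "subject")):
    """Signature over the body hash (bh=) plus the headers listed in h=."""
    bh = hashlib.sha256(relaxed_body(body).encode()).hexdigest()
    block = "".join(relaxed_header(n, headers[n]) for n in signed) + "bh=" + bh
    return hmac.new(SIGNING_KEY, block.encode(), "sha256").hexdigest()

def verify(headers, body, sig):
    return hmac.compare_digest(sign(headers, body), sig)

def verify_stripping_tags(headers, body, sig, max_tags=3):
    """The retry heuristic from the thread: on failure drop one leading '[tag] '
    from Subject and try again. Returns how many tags were guessed away, else None."""
    subj = headers["subject"]
    for removed in range(max_tags + 1):
        if verify(dict(headers, subject=subj), body, sig):
            return removed
        subj, n = re.subn(r"^\[[^\]]*\]\s*", "", subj, count=1)
        if n == 0:
            return None
    return None

# Constructed sample message whose author already used a bracketed subject.
ORIG = {"from": "alice@example.org", "to": "users@example.net",
        "subject": "[Repost] This is the solution that works"}
BODY = "Hello list,\r\n\r\nTry option B.\r\n"
SIG = sign(ORIG, BODY)
RELAYED = dict(ORIG, subject="[users] " + ORIG["subject"])  # list prepends its tag
```

Extra trailing blank lines or doubled spaces in the body or Subject still verify, because relaxed canonicalization normalizes them before hashing; the prepended "[users] " does not, and the retry only succeeds once the verifier guesses how many leading tags were the list's rather than the author's.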