[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Incoming SMTP in the year 2017 and absence of DKIM (fwd)

Subject: Incoming SMTP in the year 2017 and absence of DKIM (fwd)
From: johnl at iecc.com (John R. Levine)
Date: 2 Dec 2017 14:51:16 -0500

In article <6134b4a7-9da8-2935-e9f6-e4374b3fdba4 at spamtrap.tnetconsulting.net>,
Grant Taylor via NANOG  <gtaylor at tnetconsulting.net> wrote:
>> https://datatracker.ietf.org/doc/draft-levine-dkim-conditional/

>The only way that I can think of is for the originating mail server to
>DKIM sign the message twice, 1st with the classic DKIM-Signature w/o the
>!fs tag, and 2nd with a DKIM-Signature that includes the !fs tag with a
>value of of the recipient's domain.

>Is this what you were intending?  A list of DKIM-Signatures linked via
>!fs tags?

Yup, with the chain typically having no more than one or two links,
since legit forwarding of the kind that might break DKIM is pretty
rare more than two deep.

>If I do understand correctly, I think that it's intriguing.  I'm not
>aware of anything else that would work quite the same way.

That was the plan.  I thought it was pretty clever, but like I said, the 
large mail systems that developed ARC wanted to put the control with the 
recipients, not the senders.

R's,
John

Prev by Date: OSPF Monitoring Tool
Next by Date: Suggestions for a more privacy conscious email provider
Previous by thread: Suggestions for a more privacy conscious email provider
Next by thread: Ticketmaster?
Index(es):
- Date
- Thread