Incoming SMTP in the year 2017 and absence of DKIM (fwd)
John R. Levine
johnl at iecc.com
Sat Dec 2 19:51:16 UTC 2017
In article <6134b4a7-9da8-2935-e9f6-e4374b3fdba4 at spamtrap.tnetconsulting.net>,
Grant Taylor via NANOG <gtaylor at tnetconsulting.net> wrote:
>> https://datatracker.ietf.org/doc/draft-levine-dkim-conditional/
>The only way that I can think of is for the originating mail server to
>DKIM sign the message twice, 1st with the classic DKIM-Signature w/o the
>!fs tag, and 2nd with a DKIM-Signature that includes the !fs tag with a
>value of the recipient's domain.
>Is this what you were intending? A list of DKIM-Signatures linked via
>!fs tags?
Yup, with the chain typically having no more than one or two links,
since legit forwarding of the kind that might break DKIM is pretty
rare more than two deep.
>If I do understand correctly, I think that it's intriguing. I'm not
>aware of anything else that would work quite the same way.
That was the plan. I thought it was pretty clever, but like I said, the
large mail systems that developed ARC wanted to put the control with the
recipients, not the senders.
R's,
John
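Added example, not part of the original message or of the draft: a sketch of how a receiver could resolve the chain of !fs-linked signatures discussed above. It assumes the ordinary cryptographic check of each signature is done elsewhere (the crypto_ok flag), that an !fs condition is met by an accepted signature from the named domain, and that a forwarder links onward with its own !fs; the headers are constructed and max_links is a hypothetical limit.

```python
def parse_tags(value):
    """Split a DKIM-Signature tag-list such as "d=a.example; !fs=b.example"."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            tags[name.strip()] = "".join(val.split())
    return tags


def accepted_signers(signatures, max_links=2):
    """Return the d= domains whose signatures count once !fs links are resolved.

    signatures: list of (tag_list, crypto_ok) pairs. crypto_ok is an assumed
    input standing in for the normal DKIM hash and signature verification.
    """
    sigs = [parse_tags(v) for v, ok in signatures if ok]
    sigs = [s for s in sigs if "d" in s]
    # Signatures without !fs are unconditional and stand on their own.
    accepted = {s["d"].lower() for s in sigs if "!fs" not in s}
    # A conditional signature counts only when the domain named in its !fs
    # tag is already accepted. Each pass follows one more link of the chain.
    for _ in range(max_links):
        newly = {s["d"].lower() for s in sigs
                 if "!fs" in s and s["!fs"].lower() in accepted}
        if newly <= accepted:
            break
        accepted |= newly
    return accepted


# Constructed sample headers (abbreviated tag-lists, not real signatures).
PLAIN = "d=sender.example; s=k1"
COND = "d=sender.example; s=k1; !fs=list.example"
LIST = "d=list.example; s=m1"

# Delivered directly: the classic signature verifies, the condition is unused.
DIRECT = [(PLAIN, True), (COND, True)]
# Forwarded by list.example, which changed the message and signed it itself.
FORWARDED = [(PLAIN, False), (COND, True), (LIST, True)]
# Conditional signature present but no signature from the named forwarder.
UNMET = [(PLAIN, False), (COND, True)]
# Two links: sender -> list.example -> second.example.
TWO_DEEP = [(COND, True),
            ("d=list.example; s=m1; !fs=second.example", True),
            ("d=second.example; s=z9", True)]
```

In the UNMET case the conditional signature is ignored entirely, which is what keeps the second, weaker signature from being useful on its own.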