Re: Incoming SMTP in the year 2017 and absence of DKIM (fwd)
In article <6134b4a7-9da8-2935-e9f6-e4374b3fdba4@spamtrap.tnetconsulting.net>, Grant Taylor via NANOG <gtaylor@tnetconsulting.net> wrote:
https://datatracker.ietf.org/doc/draft-levine-dkim-conditional/
> The only way that I can think of is for the originating mail server to DKIM sign the message twice, 1st with the classic DKIM-Signature w/o the !fs tag, and 2nd with a DKIM-Signature that includes the !fs tag with a value of the recipient's domain.
> Is this what you were intending? A list of DKIM-Signatures linked via !fs tags?
Yup, with the chain typically having no more than one or two links, since legit forwarding of the kind that might break DKIM is pretty rare more than two deep.
> If I do understand correctly, I think that it's intriguing. I'm not aware of anything else that would work quite the same way.
That was the plan. I thought it was pretty clever, but like I said, the large mail systems that developed ARC wanted to put the control with the recipients, not the senders.

R's,
John
participants (1): John R. Levine
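The !fs linkage discussed in this thread, sketched as a receiver-side check; this is an added example, not code from the draft or from either poster. It assumes each signature's cryptographic check was already done elsewhere and is passed in as a boolean; the domains, header values and the name `usable_domains` are constructed for illustration.

```python
import re

def parse_tags(header_value):
    """Split a DKIM-Signature tag-list ("tag=value; ...") into a dict."""
    tags = {}
    for part in header_value.split(";"):
        if "=" not in part:
            continue
        name, value = part.split("=", 1)
        tags[name.strip()] = re.sub(r"\s+", "", value)  # drop folding whitespace
    return tags

def usable_domains(signatures):
    """signatures: list of (header_value, crypto_ok) pairs.

    A signature counts if it verified and either carries no !fs tag or
    the domain named in !fs also has a signature that counts. Iterating
    to a fixed point follows chains of any length and never accepts a
    self-reference or a loop of conditional signatures.
    """
    verified = [parse_tags(h) for h, ok in signatures if ok]
    usable = set()
    changed = True
    while changed:
        changed = False
        for tags in verified:
            domain = tags.get("d", "").lower()
            fs = tags.get("!fs")
            if not domain or domain in usable:
                continue
            if fs is None or fs.lower() in usable:
                usable.add(domain)
                changed = True
    return usable

# Constructed, abbreviated sample headers (b= values are placeholders).
PLAIN_ORIGIN = "d=origin.example; s=s1; h=from:to:subject; b=CONSTRUCTED"
COND_ORIGIN = "d=origin.example; s=s1; !fs=list.example; h=from:to; b=CONSTRUCTED"
PLAIN_LIST = "d=list.example; s=l1; h=from:to:subject; b=CONSTRUCTED"
COND_LIST = "d=list.example; s=l1; !fs=relay.example; h=from:to; b=CONSTRUCTED"
PLAIN_RELAY = "d=relay.example; s=r1; h=from:to:subject; b=CONSTRUCTED"

# Forwarded once: the list changed the body, so the classic origin
# signature no longer verifies, but the conditional one is backed by the list.
FORWARDED = [(PLAIN_ORIGIN, False), (COND_ORIGIN, True), (PLAIN_LIST, True)]
# Same message with the forwarder's signature missing: nothing counts.
UNBACKED = [(PLAIN_ORIGIN, False), (COND_ORIGIN, True)]
# Two links deep: origin -> list -> relay.
TWO_DEEP = [(COND_ORIGIN, True), (COND_LIST, True), (PLAIN_RELAY, True)]
```
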