Re: AddAllSignatureResults

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

From: Scott Kitterman <ietf-dkim_at_kitterman.com>
Date: Thu, 13 Jun 2013 06:54:07 -0400

On Thursday, June 13, 2013 10:45:59 AM Andreas Schulze wrote:
> I played with some dkim options today to make my domain pass more
> dmarc checks:
> - I do no dkim sign the subject header to allow changes by listservers
> - I set a bodylength limit to allow listservers append a footer

You do realize that now that you have signed messages with length limits in
the wild, anyone can harvest a copy of the message from a list archive, append
arbitrary text to the end of the message, resend it, and it'll pass DKIM. I
would suggest not doing that. In fact, if it were me, I'd move to a new
selector with a new key and never ever set "l" again.

Scott K
Received on Thu Jun 13 2013 - 10:54:23 PST

This archive was generated by hypermail 2.3.0 : Thu Jun 13 2013 - 11:00:01 PST