[mail-vet-discuss] Proposed "header.b" tag for DKIM signatures

Murray S. Kucherawy msk at cloudmark.com
Wed Mar 24 12:59:55 PDT 2010


> -----Original Message-----
> From: Alessandro Vesely [mailto:vesely at tana.it]
> Sent: Wednesday, March 24, 2010 12:46 PM
> To: Murray S. Kucherawy
> Cc: mail-vet-discuss at mipassoc.org
> Subject: Re: [mail-vet-discuss] Proposed "header.b" tag for DKIM
> signatures
> 
> > To which signature is that result reporting if the verifier simply
> > ignored one of them, and both of them had "d=example.com"?
> 
> In case both passed, should the verifier report the same result twice?

I would argue yes.  If your upstream mail provider (think cloud-based mail filtering, software-as-a-service, etc.) does all your verifying for you, I would say it will want to report all information to you and let you provide your own further filtering based on local policy.  In that regard, that provider would be doing you a disservice by giving you needlessly ambiguous results (one "dkim=pass" doesn’t tell you which one passed, and your local policy might actually need to know).

> This consideration assumes that A-R consumers agree with the verifier
> policy, though. Are there consumers who need more insight than that
> provided by their trusted verifiers?

DKIM in general doesn't presuppose that the verifier and the receiver are the same agent.  I don't believe we should here either.


