I had to reread the proposal a bit, but I think specifying clearly that these
tags are for the DNS part of the DKIM record would help, just to make it
crystal clear. Putting this information in the DKIM signature header is not the
right place as it could lead to false reports due to fake signatures.
The proposal is to request that an email is sent when the signature fails. I would
extend the proposal to send an email (at the liberty of the receiver) when the
signature passes, for the following conditions:
- the email contained a virus/malware/phishing
- the email was delivered in the junk folder / suppressed
- the email was flagged as spam by the receiver.
Appropriate text in the ARF report would need to match the above conditions.
I'm worried that sending an email when the signature fails could be triggered
by forged emails rather than by emails that contain DKIM errors. DKIM being
clearly defined, a DKIM-signed email should be correct/wrong regardless of the
destination. It is easy to test that the DKIM signature passes on a couple of DKIM
reflectors. Therefore reports due to a failed signature would indicate only
forged emails. I'm not sure what information a sender gains by knowing someone
is forging its signature?
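As an added illustration (not code from this thread or from the draft it refers to), the following Python shows how a receiver could pull a feedback-loop hint out of the DNS key record's n= tag using the {fbl:mailbox} format floated earlier in the thread, and gate report generation on the conditions listed above. Only the tag=value syntax of DKIM key records comes from RFC 6376; the {fbl:...} hint format, the disposition names, the function names and the sample record are assumptions constructed for this example.

```python
import re

# Constructed sample DKIM public-key TXT record in the RFC 6376 tag=value
# syntax.  The "{fbl:mailbox}" hint inside the n= (notes) tag is the format
# floated in this thread, not a standardized tag; the address is made up and
# the p= value is placeholder key data, not a real public key.
SAMPLE_KEY_RECORD = (
    "v=DKIM1; k=rsa; "
    "n={fbl:fblmailbox@example.com} selector1 key, rotated quarterly; "
    "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCplaceholderkeydata"
)

# Matches the hypothetical "{fbl:mailbox}" hint and captures the mailbox.
FBL_HINT = re.compile(r"\{fbl:([^\s{}]+@[^\s{}]+)\}")


def parse_dkim_tags(record: str) -> dict:
    """Split a DKIM tag-list ("a=1; b=2") into a dict.

    RFC 6376 forbids duplicate tag names and requires every tag to carry an
    '=' separator, so both cases are rejected instead of guessed at.
    """
    tags = {}
    for field in record.split(";"):
        if not field.strip():
            continue  # a trailing ';' is legal
        name, sep, value = field.partition("=")
        if not sep:
            raise ValueError(f"malformed tag (no '='): {field.strip()!r}")
        name = name.strip()
        if name in tags:
            raise ValueError(f"duplicate tag: {name!r}")
        tags[name] = value.strip()
    return tags


def fbl_address(record: str):
    """Return the feedback-loop mailbox hinted in the key's n= tag, or None.

    Only the DNS key record published by the signing domain is consulted,
    never the signature header of the message, so a forged signature cannot
    steer reports somewhere the domain owner did not publish.
    """
    tags = parse_dkim_tags(record)
    if tags.get("v", "DKIM1") != "DKIM1":
        return None  # not a key record version we understand
    match = FBL_HINT.search(tags.get("n", ""))
    return match.group(1) if match else None


# Conditions from the reply above under which a receiver may, at its own
# discretion, send an ARF report for a message whose signature PASSED.
# The disposition labels are assumptions for this example.
REPORTABLE_DISPOSITIONS = {"malicious", "junk", "user_flagged_spam"}


def should_report(signature_result: str, disposition: str) -> bool:
    """Decide whether an ARF report is warranted for one message.

    signature_result: "pass" or "fail" from DKIM verification.
    disposition:      how the receiving system or user classified the mail.
    Reporting is limited to passing signatures: a failed signature is more
    likely a forgery than a sender-side DKIM error, and a report on it would
    tell the domain owner only that someone is forging its signature.
    """
    return signature_result == "pass" and disposition in REPORTABLE_DISPOSITIONS


if __name__ == "__main__":
    print("FBL address:", fbl_address(SAMPLE_KEY_RECORD))
    print("report passing junk mail:", should_report("pass", "junk"))
    print("report failed signature:", should_report("fail", "junk"))
```

The parser is strict on purpose: a record with a duplicate or separator-less tag is rejected rather than partially trusted, since the address it yields decides where abuse data about a domain's mail is sent.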
----- Original Message -----
From: "Murray S. Kucherawy" <msk@cloudmark.com>
To: "Franck Martin" <franck@genius.com>, ietf-dkim@mipassoc.org
Sent: Monday, 15 June, 2009 12:06:04 PM GMT +01:00 Amsterdam / Berlin / Bern / Rome / Stockholm / Vienna
Subject: RE: [ietf-dkim] General Feedback loop using DKIM
There's a draft proposal out to add a new tag to keys for doing this. See
draft-kucherawy-dkim-reporting.
From: ietf-dkim-bounces@mipassoc.org [mailto:ietf-dkim-bounces@mipassoc.org] On Behalf Of Franck Martin
Sent: Thursday, June 11, 2009 6:04 AM
To: ietf-dkim@mipassoc.org
Subject: Re: [ietf-dkim] General Feedback loop using DKIM
Reviewing the discussion a bit, I see a technical solution would be to use the
n: tag of the DKIM signature to indicate where ARF reports should be sent if the
receiver wants to do that.
So the n: tag in the DNS could contain something like
{fbl:fblmailbox@example.com}; this would give a hint that the sender
is processing FBL and where ARF reports should be sent.
[…]