Re: [ietf-smtp] broken signatures, was Curious
2020-07-22 02:38:14
Hello,
> A better (but annoying) reason is there are a smattering of servers which
> reject messages based on broken DKIM signatures, against the rfc.
This does not have to be against the RFC.
An open source software for doing DKIM, that was last released
(tagged/a tarball was created) in May 2015, got a bugfix in October
2015. Whoever uses the released version does the DKIM calculations
wrong for some emails. This becomes evident after evaluating a lot of
aggregate reports on a semi-busy server. Since the users of the
software do not understand DKIM/do not evaluate the aggregate reports
for their own servers, they keep running the unpatched software. So
some correct DKIM headers are validated as wrong, and bad DKIM headers
are inserted. When DMARC says to reject messages that do not validate
DKIM, and either the recipient considers valid DKIM as invalid, or the
sender inserts invalid DKIM, then advancing from DKIM to DMARC/ARC
does not make sense.
SMTP-rejecting a suspicious message is much better than delivering the
message to a recipient in such a way that the recipient is likely to overlook it.
To sum up, if a message is rejected because
- the DKIM was broken, so the rejection is against the RFC (no DMARC
involved), or
- the DKIM was correct, but the DKIM evaluation software on the
recipient site has a bug in the calculation algorithm and the sender
published DMARC reject, or
- the DKIM was inserted by software that does the signing wrongly, the
sender publishes DMARC reject, and the recipient applies the RFCs
correctly
then the consequences are all the same.
Finding and resolving DKIM bugs, not limited to DNS troubles, is
essential to bring DKIM/ARC/DMARC forward. My opinion is that there
is no willingness in email operators to assist each other on this.
Cooperation on the matter means, more or less, sending individual
failure reports (otherwise one is not going to acknowledge that s/he
uses DKIM software with bugs).
Greetings
Дилян
----- Message from Brandon Long
<blong=40google(_dot_)com(_at_)dmarc(_dot_)ietf(_dot_)org> ---------
Date: Tue, 21 Jul 2020 13:35:29 -0700
From: Brandon Long <blong=40google(_dot_)com(_at_)dmarc(_dot_)ietf(_dot_)org>
Subject: Re: [ietf-smtp] broken signatures, was Curious
To: John Levine <johnl(_at_)taugh(_dot_)com>
Cc: ietf-smtp <ietf-smtp(_at_)ietf(_dot_)org>
On Tue, Jul 21, 2020 at 1:19 PM John Levine <johnl(_at_)taugh(_dot_)com> wrote:
In article
<20200721073749(_dot_)Horde(_dot_)BvL2fIPJNN50jFlj5GWcj_e(_at_)webmail(_dot_)aegee(_dot_)org>
you write:
>As useless mail headers do make emails heavier, I am in favour of
>removing DKIM-Signature headers, that are known to be broken, e.g.
>because the current host has modified (and resubmitted) the message.
The amount of bandwidth used by e-mail is a rounding error of the
Internet's total, which is mostly video these days, and the amount
used by broken headers is a rounding error on that rounding error.
Look at the headers of the mail in your inbox, particularly mail from
large providers, and you'll find megabytes of headers that nobody is
ever likely to look at or use. This battle was over decades ago.
A better (but annoying) reason is there are a smattering of servers which
reject messages based on broken DKIM signatures, against the rfc.
Brandon
----- End message from Brandon Long
<blong=40google(_dot_)com(_at_)dmarc(_dot_)ietf(_dot_)org> -----
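
Added example, not part of the original messages and not code from any DKIM package: one way to evaluate DMARC aggregate reports (RFC 7489 XML) for the cases the reply distinguishes, by comparing DKIM failure rates for directly sent mail across reporting receivers. The domain, IP addresses, receiver names, threshold and the classification rule are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET  # use defusedxml for reports from real senders
from collections import defaultdict

def report(org, rows):
    """Build a constructed aggregate report, trimmed to the fields used below."""
    recs = "".join(
        f"<record><row><source_ip>{ip}</source_ip><count>{n}</count></row>"
        f"<auth_results><dkim><domain>example.org</domain>"
        f"<result>{res}</result></dkim></auth_results></record>"
        for ip, n, res in rows)
    return (f"<feedback><report_metadata><org_name>{org}</org_name>"
            f"</report_metadata>{recs}</feedback>")

def dkim_stats(reports, domain, own_ips):
    """Per reporting organisation: [failed, total] counts for our own signed mail."""
    stats = defaultdict(lambda: [0, 0])
    for xml in reports:
        root = ET.fromstring(xml)
        org = root.findtext("report_metadata/org_name")
        for rec in root.iter("record"):
            if rec.findtext("row/source_ip") not in own_ips:
                continue  # relayed or forged mail says nothing about our signer
            n = int(rec.findtext("row/count"))
            for sig in rec.iterfind("auth_results/dkim"):
                if sig.findtext("domain") == domain:
                    stats[org][1] += n
                    stats[org][0] += n if sig.findtext("result") == "fail" else 0
    return dict(stats)

def classify(stats, threshold=0.01):
    """Heuristic (assumption): failures at one receiver only point at its verifier."""
    failing = {o for o, (f, t) in stats.items() if t and f / t > threshold}
    if not failing:
        return "ok", failing
    if len(failing) == 1 and len(stats) >= 3:
        return "verifier-suspect", failing
    return "signer-suspect", failing

OWN = {"192.0.2.10"}  # constructed: the only IP that sends and signs for example.org
SAMPLE = [  # constructed reports from three hypothetical receivers
    report("receiver-a", [("192.0.2.10", 500, "pass")]),
    report("receiver-b", [("192.0.2.10", 400, "pass"), ("198.51.100.7", 20, "fail")]),
    report("receiver-c", [("192.0.2.10", 300, "pass"), ("192.0.2.10", 45, "fail")]),
]

if __name__ == "__main__":
    stats = dkim_stats(SAMPLE, "example.org", OWN)
    print(stats, classify(stats))
```

Failures reported by most receivers for mail sent directly from the signing host point at the signer instead; either way the aggregate counts only narrow the search, and confirming a calculation bug still needs the failing message itself.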