[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [nmh-workers] ARC: Forwarding with DMARC, DKIM, and SPF.
|
From: |
Ken Hornstein |
|
Subject: |
Re: [nmh-workers] ARC: Forwarding with DMARC, DKIM, and SPF. |
|
Date: |
Tue, 05 Feb 2019 10:07:47 -0500 |
>I haven't studied it in any detail yet, and don't know when I will find
>the time, but I thought it existence might be of interest to some on the
>list, and wondered if dist(1) and others would be users of this new
>technique.
My brief reading of ARC is that it is intended for mailing list software
to create a signature chain (so not only can you verify that it came from
the mailing list domain, but the original message TO the mailing list
can be validated). This matters because mailing lists like to do things
like change the Subject: header and that would break a DKIM signature.
I don't think this is relevant to dist(1); dist(1) would have to know
things like the ARC key, which normally it wouldn't.
And thinking about it ... I don't think the normal usage of dist(1) SHOULD
cause any problems. With regards to SPF, since it uses the MAIL FROM
header that should be fine, since your MAIL FROM should be set properly
to the identity of the dist(1)er. Since you aren't modifying any headers
when using dist(1), the DKIM signature should still be valid. But I could
be wrong about all this.
--Ken