Re: [dmarc-ietf] Which DKIM(s) should be reported? (Ticket #38)

Douglas Foster <> Wed, 27 January 2021 01:50 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 99CD03A1008 for <>; Tue, 26 Jan 2021 17:50:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id Hy9C3kcCgO0l for <>; Tue, 26 Jan 2021 17:50:06 -0800 (PST)
Received: from ( [IPv6:2607:f8b0:4864:20::930]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 8BF363A1007 for <>; Tue, 26 Jan 2021 17:50:06 -0800 (PST)
Received: by with SMTP id t43so213830uad.7 for <>; Tue, 26 Jan 2021 17:50:06 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=x87fpNcDEPMy+n/FEfbnF52eqfYXPI57LcpRixKNXF4=; b=OxmKJq8ib/k9x92+FLjt6izb5KNcG5Zrl7Mf9Mf6dnm4BR5PCsFXEo4GQhI4XgLFam IvliQZzpfTkOpxXcQLGIhW+B5rUrKalPHBm/nE16LEYQMX4jZVwA6uiMdZ8H890QNANL 5Em8U/gcapsZAiRilCjqZFsDAOLdLHplwzSzj726hddvzzIPTPhdv+WgAjUmLE/ur4OW ugryXm2PNmwuO5shNThEqXiWRSB3/f+151T2dYBPhqGmgyUeJ5fyqbzr96fgLciJLFgq E7/AGIR77etUebUTm2nEWfGvgzlYSj/7L7RIq60Hi2JriX+/v6ysKUieNvtzP2vyaH1o 4ffw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=x87fpNcDEPMy+n/FEfbnF52eqfYXPI57LcpRixKNXF4=; b=BgD6wpv30C2CHKNNc9zQtU6WSsPlvNVCP1f927XW7qvBnMPVpw1xzAAyyFDwhphKrg si7P8EVRL4MpH+ZMDq19kVocIctNZ+0y7deVhbXDH1Y+ueo5Fo83CvCE8x0/bmy0jMUb BL+1bsZxMC8y+utSxVQwirFx61iXarE9E8OWHrVYG61fyRxMhbAiuO+h04PD9/schD5L VU9KZkuRANVgtCMQis3ZcdtRsa1FNk1YwzQVLnLZd7rHgMlZxsj016gnHv/i+ZsQGTUX Yoapx/HV3RK8Eqmp6tY3AyT/JB812Li8BraEEM2HicQnCTy1ssspY/AcqNFcFexLeudw nNGA==
X-Gm-Message-State: AOAM533C77I7sLmGYQ+XGbhCOuyUjWtg7kpqGDkJe48JyVgsQIk1MtHR RKnyr5MtLsWNc0XP5zOW/occsv6EdijMFyLUqarQqU5P
X-Google-Smtp-Source: ABdhPJzPYPFV6ArKeLlmOGkAFSQlARt1sN8puksCuhHnUA6OIl3LFIoFt2HbiijuONQxpiaYT4X7s1Gm90kmnFJHKFU=
X-Received: by 2002:ab0:3043:: with SMTP id x3mr6744434ual.88.1611712205425; Tue, 26 Jan 2021 17:50:05 -0800 (PST)
MIME-Version: 1.0
References: <> <> <> <> <> <> <> <>
In-Reply-To: <>
From: Douglas Foster <>
Date: Tue, 26 Jan 2021 20:49:52 -0500
Message-ID: <>
Content-Type: multipart/alternative; boundary="0000000000007c119605b9d7fde2"
Archived-At: <>
Subject: Re: [dmarc-ietf] Which DKIM(s) should be reported? (Ticket #38)
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 27 Jan 2021 01:50:08 -0000

For indirect mail, the aligned
signature selector tells you where to look for the message origin. The last
hop information tells you where it ended up.

For direct messages, the last hop tells you whether it came from a third
party or internal server, and the aligned signature selector confirms the

In both cases,, verification is secondary, because it mostly indicates
whether the message was modified in transit.

Last hop and aligned selector still seems like a sufficient data set to me.

In fact, asking for extra signatures seems like a backhanded way of trying
to infer the original recipient, but supposedly the recipient is irrevant.

Remember that we are asking systems to collect data for others that they do
not need for themselves.   This is not the place to ask for the moon.

Maybe the massive organizations collect enough data so that the rest of us
do not need to participate.  If so, ask for anything, as the request will
probably not inconvenience them.

Doug Foster