[Ietf-dkim] Re: New I-D: A Deployment Profile for DKIM2 via Milter Interface

[Emanuel Schorsch <emschorsch@gmail.com>]

Personally, I think the UX would need to be redesigned to have any chance
at not introducing very problematic phishing opportunities. Suppose I've
received an email from noreply@irs.gov, I can now modify some links and
create some very attractive phishing opportunities. Even if it takes a lot
of iteration, I will eventually find a phishing link that makes it through
any content ML analysis. Even if you only allow text only "signatures", you
can easily add text to "please call this number to make your payment" which
some people will fall for. To me, that makes displaying the original
fromHeader unacceptable, it introduces too much risk. I would probably lean
towards instead treating any body modification as a DKIM fail and showing
the new fromHeader. And definitely any BIMI checkmarks / logos should not
be shown unless the actual DKIM/SPF is passing. Maybe, you could create a
safe set of mailing lists that are allowed to make changes or sets of
changes that are allowed (small text only subject additions) etc. but in
general treating as DKIM pass seems more risk than reward.

But I am curious to see how others are considering using the body
modifications. In general, it definitely would be useful to have the
content changes as information to an ML system which is generally making
reject/accept/spam-folder decisions. I am much more skeptical about using
it as input to a decision for whether to treat the message as DKIM/DMARC
pass.

Best,
Emanuel

On Thu, Apr 16, 2026 at 9:17 AM Richard Clayton <richard@highwayman.com>
wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> In message <79ca14fb9642f590200989ecf86e12c5@itb.it>, Vittorio
> <v.moccia@itb.it> writes
>
> >It is also worth noting that the prototype implementations of DKIM2
> >demonstrated so far, including those shown at the IETF hackathon, have
> >been milter-based.
>
> Mine was not
>
> - --
> richard @ highwayman . com                       "Nothing seems the same
>                           Still you never see the change from day to day
>                                 And no-one notices the customs slip away"
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGPsdk version 1.7.1
>
> iQA/AwUBaeEJXGHfC/FfW545EQIaWgCeLsYnH290seHDwS4JkNaHqj7Iu1EAoJKx
> Ow+F9a4Ke86QysJHMy72f8Si
> =/aa1
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Ietf-dkim mailing list -- ietf-dkim@ietf.org
> To unsubscribe send an email to ietf-dkim-leave@ietf.org
>