Re: [Ietf-dkim] DKIM-Signature: r=y and MLM

"Murray S. Kucherawy" <> Sat, 18 August 2018 21:45 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 6FC59130E06 for <>; Sat, 18 Aug 2018 14:45:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id mIHmtLFH6K_E for <>; Sat, 18 Aug 2018 14:45:43 -0700 (PDT)
Received: from ( [IPv6:2a00:1450:4864:20::129]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 26B32130DE2 for <>; Sat, 18 Aug 2018 14:45:43 -0700 (PDT)
Received: by with SMTP id a134-v6so8282730lfe.6 for <>; Sat, 18 Aug 2018 14:45:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=A+5Bud3IKMmr8FOShC26UkoJ54R+SbEwhB4NvSe+izc=; b=smEKKSr5XTufdTD6ZKhZ1tlBXHIs0fgIniaT2JK2SErV3IYJ4G5iQEnqTNFxmxF0cY oRCrYtXe/iCp5xL1i5FjQZEX8J6ICNmgdneOjsT8/ur9AMEiRuqhotaz2TiX6h3El+UK i3sOnj2VDdQGpn+MSANpRQ9q8ztPJsE6QLwzGA+RxbaZy/SJTrl0xf/RF5HZkTCU2BYI is0SoH4YHi1wzC7E8ULXHV562sHFhRVbpBqLji0iTyE/kgpnA9EP6A+r2wA16jiaFL/V yFr2dDl9PrQ6KvZfnBmAQLJYNIosH/pHakxxUasbFSEM4p7jXL4zvYwplAzPKntK/dxh 0JoA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=A+5Bud3IKMmr8FOShC26UkoJ54R+SbEwhB4NvSe+izc=; b=ift0imJTd0ySVXaBuGanc8gRUrHKi9Q5bf6bao+6MKF//w90Mjq8j1l0r+S0WRgqcH 9msw0PpO5+q9aZ5ZSTBJxH4wCKNVPmgvdVV+jW7Tg9896BuIZrlaPgZwcwpIVw1pbQr+ TjTmtCQ8P4QzaewgKRC5IeUYpPKY4SceNUYYS+FM/zQ9fpTLHEZmUiMqye2t2vjABXLm XqCu5rD1g4LQCxGruZFaJeUmYowj+qs47fV5MJtLzu0h6WeDTLFhe8CbEuahnOO5L0gD r3Jka3HlrrSuJaC+xBG0AGcI2mHIFz+m6fI5yAHBHljNKW7gilGNqxO01eVDYhrqFYXm q/7g==
X-Gm-Message-State: AOUpUlFrcFDpvGVUh5G3kP0PAWg0ZqrIdJxNEubu2FKfIUAZM4mL6qQg v4fgo9C1rXgChC98d3Lz2wnGSleW0MT78W4+gLY=
X-Google-Smtp-Source: AA+uWPxQnkDJjmuxazh90X+7rv5jjY/au7ShlOUnzFYPWQPFsZpaaXZ9jqQUtaLq/E4zXxhdZ3xMYw9qmwIH5PTkBuI=
X-Received: by 2002:a19:5353:: with SMTP id h80-v6mr10943679lfb.9.1534628741317; Sat, 18 Aug 2018 14:45:41 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a2e:3a13:0:0:0:0:0 with HTTP; Sat, 18 Aug 2018 14:45:40 -0700 (PDT)
In-Reply-To: <>
References: <> <>
From: "Murray S. Kucherawy" <>
Date: Sat, 18 Aug 2018 14:45:40 -0700
Message-ID: <>
To: Alessandro Vesely <>
Cc: Dilyan Palauzov <>,
Content-Type: multipart/alternative; boundary="000000000000fd08240573bc98c9"
Archived-At: <>
Subject: Re: [Ietf-dkim] DKIM-Signature: r=y and MLM
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: IETF DKIM List <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sat, 18 Aug 2018 21:45:47 -0000

On Fri, Aug 17, 2018 at 4:15 AM, Alessandro Vesely <> wrote:

> > The DKIM aggregate reports show whether a server signs correctly all
> mails or
> > not.  If the aggregate reports show that this is sometimes (let's say in
> 1%)
> > not done correctly, the signer has no way to find for which email the
> signing
> > has not worked and cannot fix the signing software, unless a report for
> the
> > failing mail is sent with r=y.
> Well, nope.  Aggregate reports belong to DMARC.  Consider adding a rua=
> address
> to your DMARC record.  Sometimes aggregate reports allow a postmaster to
> pin
> which message triggered it.  If you also set a ruf= address, you might
> receive
> ARF reports as well.


> I suggest here in to suggest in a more formal manner, that MLMs modifying
> a
> > message are supposed to remove the r=y part of just invalidated
> DKIM-Signature
> > and this logic is also applied for ARC, if relevant (I don't know ARC).
> Fixing
> > only ARC will not help, as there is software that follows DKIM, but has
> no idea
> > about ARC.
> AFAIK, ARC is not involved in reporting.  My feeling is that the whole
> topic
> now belongs to DMARC's territory.


As for rfc6651, it also specifies how to obtain reports for ADSP, which was
> moved to Historical status.  Unless your experience testifies to a relevant
> community traction, I'd propose rfc6651 be moved to Historical status too,
> and
> its format description be moved to rfc7489bis, whenever it comes about.

OpenDKIM still implements RFC6651 and finds it useful for debugging
problems with new implementations, so at least from that perspective I
don't think historical status for it is warranted.  If an update is needed
to cover the issues raised here, that's possibly worth pursuing.