[dmarc-discuss] Yahoo! DKIM Signing Practices Produce Fragile Signatures

Elizabeth Zwicky zwicky at yahoo-inc.com
Mon Oct 6 12:10:48 PDT 2014

Yes, we intend to drop Content-Length.
Elizabeth Zwicky
      From: Scott Kitterman via dmarc-discuss <dmarc-discuss at dmarc.org>
 To: dmarc-discuss <dmarc-discuss at dmarc.org> 
 Sent: Monday, October 6, 2014 11:01 AM
 Subject: [dmarc-discuss] Yahoo! DKIM Signing Practices Produce Fragile Signatures
With obvious implications for DMARC failures.  See the postfix-users thread 
that starts here:


It would be helpful if Yahoo! were to dial this back a bit and stick with the 
recommended fields to sign (i.e. drop Received and Content-Length).  Signing 
those fields inevitably makes the signatures more fragile.

Scott K
dmarc-discuss mailing list
dmarc-discuss at dmarc.org

NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://dmarc.org/pipermail/dmarc-discuss/attachments/20141006/8ecd3e1e/attachment-0001.html>

More information about the dmarc-discuss mailing list