nanog mailing list archives

Re: Microsoft missing public DNS TXT entry for DKIM records (msn.com)


From: Jay Acuna <mysidia () gmail com>
Date: Thu, 4 Apr 2024 02:43:14 -0500

On Thu, Apr 4, 2024 at 1:23 AM Adam Brenner via NANOG <nanog () nanog org> wrote:
..
> It seems to me that if msn.com is going to include DKIM headers in their
> outgoing email, they should also publish their DKIM public key. If they
> are not going to publish their DKIM public key, then they should not
> include DKIM headers in their outgoing email.

Microsoft can still sign the message, even if the signature cannot be verified
because they have not yet published the Public Key, for whatever reason.
That is a partial/incomplete implementation of DKIM then.

The Interpretation of the results by Recipients should be the same
as if that Message had not been signed at all. And that domain has
not published the policy record to indicate messages must be signed.

RFC 6376, Section 6.3, Interpretation of Results [Page 50]

   If the email cannot be verified, then it SHOULD be treated the same
   as all unverified email, regardless of whether or not it looks like
   it was signed.

   See Section 8.15 for additional discussion.


> Other Microsoft email accounts and services such as hotmail.com and
> outlook.com publish their DKIM records. Again, it seems msn.com should
> as well.

-J
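
The key-retrieval step discussed in this message, as an added example that is not part of the original post: it builds the `<selector>._domainkey.<domain>` query name from a DKIM-Signature header and maps a missing or revoked key record to the RFC 6376 result, which a receiver then handles like unsigned mail. The domains, selectors, key data and the dict standing in for DNS are constructed assumptions; no cryptographic verification is performed.

```python
import re

# Constructed stand-in for DNS TXT lookups so the example runs offline.
# A name absent from this dict models "no key record published".
SAMPLE_ZONE = {
    "sel1._domainkey.published.example": "v=DKIM1; k=rsa; p=Q09OU1RSVUNURUQ=",
    "old._domainkey.published.example": "v=DKIM1; k=rsa; p=",
}

# Constructed DKIM-Signature value; domain, selector and hashes are placeholders.
SIG_TEMPLATE = ("v=1; a=rsa-sha256; c=relaxed/relaxed; d={d};\r\n s={s}; "
                "h=from:to:subject; bh=Q09OU1RSVUNURUQ=; b=Q09OU1RSVUNURUQ=")


def parse_tag_list(value):
    """Parse an RFC 6376 tag=value list (signature header or key record)."""
    tags = {}
    for item in value.split(";"):
        if "=" in item:
            name, _, val = item.partition("=")
            # Folding whitespace is not significant in the tags used here.
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags


def key_lookup_status(dkim_signature, zone=SAMPLE_ZONE):
    """Return (query_name, result, handling) for the key-retrieval step only."""
    sig = parse_tag_list(dkim_signature)
    if "d" not in sig or "s" not in sig:
        return None, "PERMFAIL (signature missing required tag)", "treat as unsigned"
    qname = f"{sig['s']}._domainkey.{sig['d']}".lower()
    record = zone.get(qname)
    if record is None:
        # Signed message, but the signer publishes no key at this selector.
        return qname, "PERMFAIL (no key for signature)", "treat as unsigned"
    if parse_tag_list(record).get("p", "") == "":
        # An empty p= tag means the key has been revoked.
        return qname, "PERMFAIL (key revoked)", "treat as unsigned"
    return qname, "key found", "continue to hash and signature verification"


if __name__ == "__main__":
    for d, s in [("unpublished.example", "sel1"), ("published.example", "old"),
                 ("published.example", "sel1")]:
        print(key_lookup_status(SIG_TEMPLATE.format(d=d, s=s)))
```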
