nanog mailing list archives
Re: Microsoft missing public DNS TXT entry for DKIM records (msn.com)
From: Jay Acuna <mysidia () gmail com>
Date: Thu, 4 Apr 2024 02:43:14 -0500
On Thu, Apr 4, 2024 at 1:23 AM Adam Brenner via NANOG <nanog () nanog org> wrote: ..
It seems to me that if msn.com is going to include DKIM headers in their outgoing email, they should also publish their DKIM public key. If they are not going to publish their DKIM public key, then they should not include DKIM headers in their outgoing email.
Microsoft can still sign the message, Even if the signature cannot be verified because they have not yet published the Public Key, for whatever reason. That is a partial/incomplete implementation of DKIM then. The Interpretation of the results by Recipients should be the same as if that Message had not been signed at all. And that domain has not published the policy record to indicate messages must be signed. RFC6376 6.3 Interpretation of Results [ Page 50 ] If the email cannot be verified, then it SHOULD be treated the same as all unverified email, regardless of whether or not it looks like it was signed. See Section 8.15 for additional discussion.
Other Microsoft email accounts and services such as hotmail.com and outlook.com publish their DKIM records. Again, it seems msn.com should as well.
-J
Current thread:
- Microsoft missing public DNS TXT entry for DKIM records (msn.com) Adam Brenner via NANOG (Apr 03)
- Microsoft missing public DNS TXT entry for DKIM records (msn.com) nanog (Apr 03)
- Re: Microsoft missing public DNS TXT entry for DKIM records (msn.com) Jay Acuna (Apr 04)
- Re: Microsoft missing public DNS TXT entry for DKIM records (msn.com) Michael Thomas (Apr 04)
- Re: Microsoft missing public DNS TXT entry for DKIM records (msn.com) John Levine (Apr 04)
- Re: Microsoft missing public DNS TXT entry for DKIM records (msn.com) Michael Thomas (Apr 04)
- Re: Microsoft missing public DNS TXT entry for DKIM records (msn.com) John Levine (Apr 04)