Hi, On 15.05.2025 08:36, Matthew Tse via mailop wrote:
Is my thinking correct--that we should stop DKIM signing forwarded emails, and rely on ARC? Also let me know if this is not the right place or type of question to ask here!
There's no valid reason why you should stop signing, while there are reasons why you should not stop. ARC might make things slightly easier in cases where the receiver is ARC aware and can trust your signatures, so if you can do it, do it.
But someone breaking DKIM on all the letters they receive is a problem they have to solve. Even your signature aside, they'd be breaking the original one (if there is one) and there's no hope for SPF. They would also have to be the ones using ARC to record authentication results before mangling. Otherwise such unauthenticated letters will indeed end up going to spam unless they exempt their security gateway.
Best, Taavi _______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
