On 2024-08-14, Jeremy Harris via Exim-users <exim-users@???> wrote:
> On 14/08/2024 15:27, Kurt Jaeger via Exim-users wrote:
>> So: user1@domain1 has an autoreply, and the autoreply
>> should be signed with dkim for domain1.
>
> I do not agree.
> The DKIM RFC says that anyone can sign a message.
Yes, but it also says very clearly that it's up to the Identity
Assessor to decide what, if any, trust to place in a message signed by
a domain that is not aligned to the From: header (or other header).
The obvious assessment to make is that it is a forgery signed by the
forger, unless you have particular knowledge of a trust connection
between the originating domain and the signing domain.
--
## subscription configuration (requires account):
##
https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at
http://www.exim.org/
## Please use the Wiki with this list -
http://wiki.exim.org/