RFC Errata

Errata Search

Source of RFC  
Summary Table Full Records

RFC 6376, "DomainKeys Identified Mail (DKIM) Signatures", September 2011

Note: This RFC has been updated by RFC 8301, RFC 8463, RFC 8553, RFC 8616

Source of RFC: dkim (sec)

Errata ID: 5551
Status: Rejected
Type: Technical
Publication Format(s) : TEXT

Reported By: Borislav Petrov
Date Reported: 2018-11-09
Rejected by: Barry Leiba
Date Rejected: 2019-04-30

Section 6.3. says:

If an MTA does wish to reject such
   messages during an SMTP session (for example, when communicating with
   a peer who, by prior agreement, agrees to only send signed messages),
   and a signature is missing or does not verify, the handling MTA
   SHOULD use a 550/5.7.x reply code.

   Where the Verifier is integrated within the MTA and it is not
   possible to fetch the public key, perhaps because the key server is
   not available, a temporary failure message MAY be generated using a
   451/4.7.5 reply code, such as:

   451 4.7.5 Unable to verify signature - key server unavailable

   Temporary failures such as inability to access the key server or
   other external service are the only conditions that SHOULD use a 4xx
   SMTP reply code. 


This contradicts RFC5321 which says:

...a relay SMTP has no need to inspect or
act upon the header section or body of the message data and MUST NOT
do so except to add its own "Received:" header field...

There is nothing in the cited text above that suggests modifications to the message. The text only talks about which SMTP reply codes to use.

Report New Errata

Advanced Search