Dave Crocker wrote in
 <54bcc79e-2cec-4c49-8a5c-0ef64db68...@dcrocker.net>:
 |On 1/19/2024 6:51 AM, Al Iverson wrote:
 ...
 |[.]the scenario of
 |sending to a collaborating receiver and re-posting a message that has no
 |differences except the envelope rcpt-to value, does not have a known
 |solution.

There would be an RFC 6376 backward-compatible "solution" with a
per-receiver-domain DKIM-Subsignature that fixates the SMTP
recipients for a particular address.

I.e., include a flag in the DKIM signature that signals this new
methodology, and instead of transferring one email to all receiving
domains, send per-receiver-domain instances that contain a
DKIM-Subsignature header field that includes envelope receivers
especially for this receiver domain.

Then an upgraded DKIM verifier on the receiver side could, announced
by the flag in the DKIM signature, ensure that only those receivers
which are included in the DKIM-Subsignature are actually addressed,
and any bad actor that tries to replay the message can be detected
since it does not include the DKIM-Subsignature that verifies
against the DKIM key of the original sender.

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)

_______________________________________________
Ietf-dkim mailing list
Ietf-dkim@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-dkim
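
The receiver-side check proposed in the message above, as an added sketch that is not part of the original post and not taken from any DKIM specification. The `rcpt=`/`b=` tag syntax of the DKIM-Subsignature value, the function names, and the toy RSA key (standing in for the sender's DKIM key published in DNS) are all assumptions made for illustration.

```python
import hashlib

# Toy RSA key from two Mersenne primes: illustration only, not secure.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # sender's private exponent


def _digest(main_b, rcpts):
    # Bind the recipient list to the main DKIM-Signature through its b= value.
    data = main_b + "\n" + ",".join(sorted(r.lower() for r in rcpts))
    return int.from_bytes(hashlib.sha256(data.encode()).digest(), "big") % N


def make_subsignature(main_b, rcpts):
    """Sender side: hypothetical DKIM-Subsignature value for one receiver domain."""
    return f"rcpt={','.join(rcpts)}; b={pow(_digest(main_b, rcpts), D, N):x}"


def verify_envelope(main_b, flagged, subsig, envelope_rcpts):
    """Receiver side: return (ok, reason) for the SMTP envelope recipients."""
    if not flagged:
        return True, "legacy signature, no recipient binding"
    if subsig is None:
        return False, "flag set but DKIM-Subsignature missing"
    try:
        tags = dict(t.strip().split("=", 1) for t in subsig.split(";"))
        signed = tags["rcpt"].split(",")
        sig = int(tags["b"], 16)
    except (KeyError, ValueError):
        return False, "malformed DKIM-Subsignature"
    if pow(sig, E, N) != _digest(main_b, signed):
        return False, "subsignature does not verify against sender key"
    allowed = {r.lower() for r in signed}
    extra = [r for r in envelope_rcpts if r.lower() not in allowed]
    if extra:
        return False, "envelope recipient not covered: " + ", ".join(extra)
    return True, "all envelope recipients covered"


# Constructed sample data (not from the original message).
MAIN_B = "c2FtcGxlLXNpZw=="  # stand-in for the DKIM-Signature b= value
SUBSIG = make_subsignature(MAIN_B, ["alice@example.org", "bob@example.org"])

if __name__ == "__main__":
    for rcpts in (["alice@example.org"], ["mallory@example.net"]):
        print(rcpts, verify_envelope(MAIN_B, True, SUBSIG, rcpts))
```

The three rejection paths correspond to a replayed copy that drops the subsignature, one that keeps it but is sent to an uncovered recipient, and one whose recipient list was edited after signing.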