On Sun, Jan 5, 2025 at 7:11 PM Michael Thomas <[email protected]> wrote:
> On 1/5/25 7:07 PM, Murray S. Kucherawy wrote: > > > On Sat, Dec 28, 2024 at 6:31 PM Bron Gondwana <brong= > [email protected]> wrote: > >> >> - The SMTP RCPT TO address might not be present in the signed header >> fields of an email, meaning that the same message can be sent to >> arbitrarily many recipients, and those recipients can not tell if the >> signer intended to them as recipients. >> >> > Am I poking a hornet's nest here, or is it safe to state that this is the > commonly understood definition of "DKIM replay"? > > No. See: crashed and burned. > I don't think you're talking about the same thing I am. I'm talking about the definition provided in Section 8.6 of RFC 6376. There's at least anecdotal evidence that this is a problem these days, and if that bullet can be referenced using a common term, I think it should. (And let's try to be constructive here.) -MSK
_______________________________________________ Ietf-dkim mailing list -- [email protected] To unsubscribe send an email to [email protected]
