On 3/5/25 9:14 PM, Murray S. Kucherawy wrote:
On Wed, Mar 5, 2025 at 1:08 PM Michael Thomas <[email protected]> wrote:
I've been reading the draft mentioned in the charter re: replay and
rcpt-to and don't understand why that changes anything wrt replay. If
there is a message that a spammer has discovered passes a recipient's
spam filter, what difference does it make if it's a single smtp
transaction or multiple transactions?
If it's a single recipient message, you can include the recipient in
the signed part of the message.
You could if there were two -- or n for that matter. There may be
practical limits to including a big list of rcpt-to's it into the
DKIM-Signature, but that presupposes that it needs to be encoded in the
signature block which doesn't have to be the case if we don't want to.
That is, we could invent a new trace header called :
Envelope-Information: mf=xxx; rt=yyy
and just sign that header the usual way.
Mike
_______________________________________________
Ietf-dkim mailing list -- [email protected]
To unsubscribe send an email to [email protected]
