It would be impolite to name names at this stage, and the appropriate time to talk publicly about details is once those sending platforms have begun signing the fields recommended in the RFC. That said, I'm sure you can imagine the kinds of problems key unsigned headers might pose in the context of DKIM replay.
On Mon, Apr 14, 2025 at 9:08 PM Dave Crocker <[email protected]> wrote: > On 4/14/2025 11:41 PM, Burke, Evan wrote: > > Regardless of the specific words we may use to describe it, I've seen some > very large email platforms omit some important headers in their DKIM > signatures - headers explicitly recommended by the DKIM RFC - and I've seen > that absence enable real-world abuse. > > > Please provide specifics. > > d/ > > -- > Dave Crocker > > Brandenburg InternetWorkingbbiw.net > bluesky: @dcrocker.bsky.social > mast: @[email protected] > >
_______________________________________________ Ietf-dkim mailing list -- [email protected] To unsubscribe send an email to [email protected]
