On 2020-07-11 at 15:27 -0400, Matt Corallo via mailop wrote: > "Sorry, I think what you're looking for isnt useful, you're misinformed" > isn't exactly a useful response when someone, > especially a customer, asks for something, sadly.
Your customer should detail their threat model, so that they can be given a solution suited to their needs. You don't implement the same solution to "protect your files" if your threat is the cat walking over the keyboard or spies from a foreign country. I would suggest DKIM-signing the headers but not the email body (i.e. use l=0), perhaps not even including the Subject. This, way your customer could send an email saying: > We have agreed that it's dangerous to the Don and our Family to let > Sollozzo live. Will you help us to kill him? and then argue that the email really said: > We are very worried about a possible confrontation and only want the > peace between all parties. the origin and recipients of the email will appear on many email logs, so it'd probably be pointless to hide them. You could go as far as to only sign the Message-Id if you wanted, though. Anyway, it's likely than 5 minutes after that, the other party replied saying "We won't interfere with that" and quoting your full email. DKIM-signed by Office 365. Regards _______________________________________________ mailop mailing list [email protected] https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
