On Thu 10/Nov/2022 14:32:16 +0100 Steve Atkins wrote:
> The other (more common?) case is that the original recipient is in the signed
> 822.To, while the new recipient is not in the To: or Cc: headers at all. While
> that’s just the same as old-school alias forwarding, and you might not be able
> to spot that on any given single email I’d bet that it’s easy to spot and block
> at a mailbox provider of any size.
>
> A heuristic I’ve suggested previously is “If the recipient’s email address is
> not in the To: or Cc: header then treat the mail as unsigned”.
Or reject it outright unless the From: is in your address book.
Is it true that Bcc: is only used when there is a well established relationship
between author and recipient? For example, I use it to reach my Sent folder,
and reject messages addressed to my Sent folder if they don't come from me.
OTOH, signing Bcc:s would betray their existence, although it can be done
without revealing their content.
Best
Ale
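
The heuristic quoted above and the stricter address-book variant from the reply, as an added example that is not part of the original message. It assumes the receiving MTA supplies the envelope recipient and the DKIM verdict; the function names, the `strict` switch and the choice to downgrade (rather than accept as signed) when the From: is known are hypothetical.

```python
from email import message_from_string
from email.utils import getaddresses

def norm(addr):
    # Simplification: compare case-insensitively, although local parts
    # are formally case-sensitive.
    return addr.strip().lower()

def header_addrs(msg, *names):
    """Addresses from every occurrence of the named header fields."""
    values = [v for n in names for v in msg.get_all(n, [])]
    return {norm(a) for _, a in getaddresses(values) if a}

def classify(raw, envelope_rcpt, dkim_pass, address_book=(), strict=False):
    """Return 'signed', 'unsigned' or 'reject' for one delivery."""
    msg = message_from_string(raw)
    if not dkim_pass:
        return "unsigned"
    # Parsed comparison, so an address placed in a display name does not match.
    if norm(envelope_rcpt) in header_addrs(msg, "To", "Cc"):
        return "signed"
    # Recipient is not visible in To:/Cc: (Bcc, alias forwarding or replay).
    known = {norm(a) for a in address_book}
    if strict and not (header_addrs(msg, "From") & known):
        return "reject"
    return "unsigned"  # assumption: a known From: is still downgraded

# Constructed sample messages (not real traffic).
DIRECT = ("From: news@sender.example\nTo: Alice <alice@example.net>\n"
          "Cc: carol@example.net\nSubject: hi\n\nbody\n")
REPLAYED = ("From: news@sender.example\nTo: seed@example.org\n"
            "Subject: hi\n\nbody\n")
DECOY = ('From: news@sender.example\n'
         'To: "bob@example.net" <seed@example.org>\nSubject: hi\n\nbody\n')

if __name__ == "__main__":
    for name, raw, rcpt in [("direct", DIRECT, "alice@example.net"),
                            ("replayed", REPLAYED, "bob@example.net"),
                            ("decoy", DECOY, "bob@example.net")]:
        print(name, classify(raw, rcpt, dkim_pass=True),
              classify(raw, rcpt, dkim_pass=True, strict=True))
```
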