On Mon 14/Nov/2022 05:50:42 +0100 Roland Turner wrote:
> I'd point out that all but one of those things is either redundant (vs. say ARC), unacceptably harmful (we use DKIM *in the first place* to facilitate forwarding outside of the domain-registrant/sender's control), or both.
+1, Scott is right when he says DKIM is working as designed.
> The exception is a standardised mechanism to allow a sender/signer to indicate the [approximate] number of intended recipients, with which receivers might make fact-based decisions about when to recognise an instance of this particular attack
For a mailing list, this is totally out of reach, unless the MLM itself is the (ARC) signer. Even then, when the MLM knows there are 1000 subscribers, should it extract the average per domain weight? I mean if 500 are @gmail.com and just 1 is @tana.it, should it extract the right figures for each receiver or send a rough total, which smaller mailbox providers cannot use?
BTW, we all know that mailing lists send one message at a time, doing VERP for each subscriber. They can more easily include the recipient in the ARC signature. However, any spammer can do the same.
Best
Ale