(Apologies for top-posting while mobile) There's ample legitimate use of Bcc or equivalent such that I have trouble believing the rules you're talking about here can be taken as universally valid.
Mailing lists or even multi-recipient aliases are additional examples. And since DKIM is (currently, at least) decoupled from the envelope, I think we're also taking across layers here. -MSK On Sun, Dec 11, 2022, 14:46 Michael Deutschmann <[email protected]> wrote: > On Sun, 11 Dec 2022, Murray S. Kucherawy wrote: > > Then from that other account I can spray it to as many recipients as I > > want so long as the only thing I change is the envelope. > > Since the ISP is doing the signing, you can't stop them from using a > signature that protects the To: and Cc: from modification, and in practice > everyone already does that. That means the bonus messages you get to > send via the hack will have mismatched 822 and 821 recipients, equivalent > to a blind-carbon-copy. > > Blind-carbon-copy is already a sign of spam. Long ago, it was because the > bad guys were using open relays, and could spam faster by issuing many > RCPT TO:s to the relay in one transaction. (I remember being puzzled > back then that most of my spam came "To: [email protected]" rather than > my address at the time.). > > In modern times, you still see it from "Nigerian" scammers who seem to be > using real webmail sites and copy-pasting huge address lists into a > literal Bcc: field. > > ---- Michael Deutschmann <[email protected]> > > _______________________________________________ > Ietf-dkim mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/ietf-dkim >
_______________________________________________ Ietf-dkim mailing list [email protected] https://www.ietf.org/mailman/listinfo/ietf-dkim
