On 12/16/22 3:10 PM, Evan Burke wrote:
> I ask because I would assume that a proper DKIM signature including the
> To: header would mean that the message could only be replayed to the
> same recipient and pass DKIM validation. -- There is the separation
> between the envelope RCPT and the To: / CC: headers.
> The separation between RCPT TO and To: (or CC:) is exactly what's
> being exploited here. To: is present, the signature covers it and is
> valid, but To: does not match the RCPT TO address. Just like BCC delivery.
But the message-id is common across all of the transactions, and it's
normally signed (MUST ?). So you could certainly detect that it's
essentially a big bcc.
Mike
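A sketch of the detection Mike suggests, added here as an example and not code from the thread or any MTA: it keys inbound SMTP transactions on the signed Message-ID and flags a Message-ID once enough envelope recipients (RCPT TO) are not in its To:/Cc: headers, which is what a replayed, "big bcc" delivery looks like. It assumes DKIM has already been verified upstream; the threshold and the sample message are constructed for illustration.

```python
import email
from email import policy
from collections import defaultdict

# Assumed tuning value, not from the thread: how many off-header
# recipients one Message-ID may have before we call it a replay.
REPLAY_THRESHOLD = 3


def parse(raw_message):
    return email.message_from_string(raw_message, policy=policy.default)


def header_recipients(msg):
    """Addresses named in the (signed) To:/Cc: headers, lowercased."""
    recipients = set()
    for hdr in msg.get_all("To", []) + msg.get_all("Cc", []):
        for addr in hdr.addresses:
            recipients.add(addr.addr_spec.lower())
    return recipients


class ReplayTracker:
    """Per Message-ID, remember envelope recipients absent from To:/Cc:."""

    def __init__(self, threshold=REPLAY_THRESHOLD):
        self.threshold = threshold
        self.off_header_rcpts = defaultdict(set)

    def observe(self, rcpt_to, raw_message):
        """Record one transaction; True once this Message-ID looks replayed."""
        msg = parse(raw_message)
        mid = (msg.get("Message-ID") or "").strip()
        if not mid:
            return False  # nothing stable to key on
        if rcpt_to.lower() not in header_recipients(msg):
            self.off_header_rcpts[mid].add(rcpt_to.lower())
        return len(self.off_header_rcpts[mid]) >= self.threshold


# Constructed sample: one signed message whose To: names a single recipient.
SAMPLE = (
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel;"
    " h=from:to:subject:message-id; bh=BODYHASH; b=SIGNATURE\r\n"
    "From: sender@example.com\r\nTo: alice@example.net\r\n"
    "Message-ID: <abc123@example.com>\r\nSubject: hi\r\n\r\nbody\r\n"
)


def simulate(rcpts, threshold=REPLAY_THRESHOLD):
    """Feed SAMPLE to each RCPT TO in turn; return the per-delivery verdicts."""
    tracker = ReplayTracker(threshold)
    return [tracker.observe(r, SAMPLE) for r in rcpts]
```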
_______________________________________________
Ietf-dkim mailing list
https://www.ietf.org/mailman/listinfo/ietf-dkim