On 2/3/23 6:25 PM, Murray S. Kucherawy wrote:
But with respect to replay: Even if To and Cc are signed, there's
nothing in DKIM requiring that they reflect any identities present in
the envelope.
That's not the point. The point is that they are leaving clues to that
the message is suspicious. Not signing To and Subject looks very sketch.
As I said: a preponderance of evidence. As always with spam detection.
Mike
_______________________________________________
Ietf-dkim mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ietf-dkim
