On Sat 04/Feb/2023 04:45:15 +0100 Michael Thomas wrote:
> On 2/3/23 6:25 PM, Murray S. Kucherawy wrote:
>> But with respect to replay: Even if To and Cc are signed, there's nothing in
>> DKIM requiring that they reflect any identities present in the envelope.
>
> That's not the point. The point is that they are leaving clues that the
> message is suspicious. Not signing To and Subject looks very sketch.
> As I said: a preponderance of evidence. As always with spam detection.

Does that mean that, in case the submission server doesn't trust the current
author, it should create a signature where To: and/or Subject: are not covered,
in order to raise suspicion at receivers?

That sounds convoluted. I still prefer [email protected].

Best
Ale
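
The receiver-side signal discussed in the thread above, as an added example that is not part of the original messages: for each DKIM-Signature on a message, list which of To, Cc and Subject are present but missing from the signature's `h=` tag. It only inspects header coverage and does not verify the signature; the watch list, function names and sample message are assumptions constructed for this example.

```python
import email

# Headers whose absence from h= the thread treats as a clue (assumed watch
# list for this example; DKIM itself only requires From to be signed).
WATCHED = ("to", "cc", "subject")

def parse_tags(value):
    """Parse a DKIM tag=value list (RFC 6376 section 3.2) into a dict."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            # Folding whitespace inside h=, d= values is not significant here.
            tags[name.strip()] = "".join(val.split())
    return tags

def unsigned_headers(raw_message, watched=WATCHED):
    """Return [(signing domain, [watched headers present but not in h=])]."""
    msg = email.message_from_string(raw_message)
    report = []
    for sig in msg.get_all("DKIM-Signature", []):
        tags = parse_tags(sig)
        signed = {h.lower() for h in tags.get("h", "").split(":") if h}
        missing = [h for h in watched if msg[h] is not None and h not in signed]
        report.append((tags.get("d", "?"), missing))
    return report

# Constructed sample: two signatures, the first leaving To and Subject uncovered.
SAMPLE = (
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel1;\n"
    " h=from:date:message-id; bh=PLACEHOLDER; b=PLACEHOLDER\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.net; s=sel2;\n"
    " h=From : To : Subject : Date; bh=PLACEHOLDER; b=PLACEHOLDER\n"
    "From: alice@example.com\n"
    "To: bob@example.org\n"
    "Subject: constructed sample\n"
    "Date: Sat, 04 Feb 2023 04:45:15 +0100\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    for domain, missing in unsigned_headers(SAMPLE):
        print(domain, "leaves unsigned:", missing or "nothing watched")
```

A result like this is one input to scoring among others, in line with the "preponderance of evidence" framing in the thread, not a verdict on its own.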