On Mon, Aug 7, 2023 at 9:23 PM Jesse Thompson <z...@fastmail.com> wrote:
> On Mon, Aug 7, 2023, at 10:54 PM, Murray S. Kucherawy wrote: > > On Mon, Aug 7, 2023 at 8:00 PM Emanuel Schorsch <emschorsch= > 40google....@dmarc.ietf.org> wrote: > > If there are not that many BCC recipients for a message then it is likely > not necessary as the duplicate message counting is unlikely to have a > negative impact. If there are a large number of BCC recipients for a given > message then I think the solutions proposed in Wei's DARA draft are > helpful: standardizing the way to indicate BCC/Forwarded-To and signing a > separate copy of the message for each BCC recipient so that it can still be > verified as direct mail. > > > Doesn't putting "invisible" recipients into an actual field like Bcc > create a privacy concern, i.e., they're no longer invisible? You need to > hope that the agents in the handling chain that are supposed to delete that > field will actually do it, which presumes the entire deployed base will > adopt DARA in a reasonable period of time. > > > According to RFC 5322 it should be handled correctly by "but the > recipients on the "Bcc:" line get a separate copy of the message containing > a "Bcc:" line" > > [...] > As you cited, RFC 5322 describes three ways that the "Bcc" field is typically used. You're talking about just one of those, and I'm not sure it's the most common one. In any case, I suggest that "should" is a bit of a leap, especially given that the choice of which of the three to use is described as "implementation dependent". The second part of your citation confirms the risk to which I was referring. -MSK, participant
_______________________________________________ Ietf-dkim mailing list Ietf-dkim@ietf.org https://www.ietf.org/mailman/listinfo/ietf-dkim
