On Fri, Aug 11, 2023, at 4:34 PM, Steffen Nurpmeso wrote:
> Jesse Thompson wrote
> The aspect of DKIM-subsignatures revealing Bcc: presence (of 1+
> recipients of a domain) if a Bcc: recipient replies to a message
> that Murray Kucherawy adduced I obviously have not fully addressed
> with my response.

If I reply to a message that contains no Bcc header I am revealing the fact 
that I received the message. I don't understand this issue. Are you conflating 
the issue with forwarding?


> DKIM is meant to be automated in between machines.
> Today it pledges one side, the sender one, but with this, if we
> throw in the American style we could call it "smart" or
> "reflective" DKIM, the pledge is extended to be in between sender
> and receiver.

This is an argument for removing DKIM signatures for any submitted messages, so 
the ESP can add their own signature which includes the RCPT TO or signed Bcc. 
The main blocker for ESPs doing that is their customers may require to apply 
their own signatures instead of delegating their domain's keys to the ESP. So, 
ESPs would need to only allow that for trusted customers and spammers will try 
to appear trusted and/or continue to exploit compromised credentials of trusted 
customers.

Jesse
_______________________________________________
Ietf-dkim mailing list
Ietf-dkim@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-dkim
