On Fri, Apr 18, 2025 at 10:11 AM Alessandro Vesely <[email protected]> wrote:
> On Mon 14/Apr/2025 19:01:35 +0200 Wei Chuang wrote: > > Instead I think we need a better way that can describe the originator, > when a > > message was forwarded and when a participant tries to spoof the > forwarding > > description. DKIM2 does this. With that we can more easily see abusive > > scenarios like replay where some message intended for one recipient was > sent to > > many others in an inauthentic way. > > > Why didn't the practice of signing by user name, as in i= > [email protected], > catch on? Would personal responsibility have played a role? Will it now? > I don't know of the history of I= for RFC6376, but AFAIK there isn't any instructions on how to use that to help with replay in the RFC. Moreover there is ambiguity on what to put there (domain versus email address) and how to differentiate benign forwarding from replay -wei >
_______________________________________________ Ietf-dkim mailing list -- [email protected] To unsubscribe send an email to [email protected]
