On Thu 12/Jun/2025 17:01:33 +0200 John Levine wrote:
It appears that Alessandro Vesely <[email protected]> said:
Is that a thing? A message with multiple "From"?
https://www.rfc-editor.org/rfc/rfc6854.html
We beat this to death a few years ago. While it is possible to put two addresses
in the From header, it is very uncommon, it is even less common to have two
addresses in different domains, and the few examples I've seen are either
mistakes or malicious. They are rare enough we can ignore them, messages with
multiple From header domains can't be DKIM2 signed.
However, Bron said the signing domain is aligned with mf=, which is the
envelope MAIL FROM. There should be no problem signing it.
Wei convinced me that there must be at most one rt=, because, he said, the
official recipients, To: and Cc:, do not need to be repeated in rt=. They are
already signed and delivery to them is due. rt= is only needed for Bcc: and
forwards (which can be thought of as Bcc:). This way, there must be at most
one rt=, but there may be none.
By far the most common scenario where the recipient isn't in the header is
mailing lists.
Yes. The other cases, by volume, I'd guess are DKIM replay followed by
dot-forward recipes and last Bcc:. Sounds correct?
There will always be exactly one rt= because we don't allow more than one, and
a mail
delivery without an envelope recipient isn't a mail delivery.
Why despise having no rt=? I know that in theory the envelope is independent
of the header. However, acknowledging that there is a match does have value.
Best
Ale
--
_______________________________________________
Ietf-dkim mailing list -- [email protected]
To unsubscribe send an email to [email protected]
