On Wed 18/Jun/2025 23:15:37 +0200 Bron Gondwana wrote:
> Note that we're still signing each recipient individually.  Then if Sheila has a forwarding rule, it only keeps her i=1 header, so that forwarded message would contain:
>
> DKIM2: i=1; [email protected] [email protected]; d=example.com
> DKIM2: i=2; [email protected]; [email protected]; d=example.org


This point relies entirely on the good faith of the forwarder. A malicious replayer would put a different signature, in order to confuse the attribution of reputation.

Isn't it possible to explicitly request the previous rt=?  That is, to have:

DKIM2: i=2; [email protected]; [email protected]; d=example.org

This solution also relies on the good faith of the forwarder, but is simpler as it doesn't require separate signatures.


Best
Ale
--





_______________________________________________
Ietf-dkim mailing list -- [email protected]
To unsubscribe send an email to [email protected]
