On Sun 20/Jul/2025 16:43:35 +0200 Tero Kivinen wrote:
> If you count in emails inside big companies, it seems that every
> single email is CC'ed to dozens of people [...]
> I am not sure if that kind of email is intended to use DKIM2, but if
> so that kind of traffic might not be vanishingly small, and if those
> emails are delivered in one transaction it saves lots of resources.

DKIM signatures were never intended to provide an authentication seal to be
stored with the message. So, what would be the point of signing internal
messages? I would argue that if, based on the way mail flow works in a given
ADMD, the system is confident about the origin of a message, then there's no
need to verify the signature, and therefore no need to sign it. An auth=pass
might be all you want for Authentication-Results:.

A message intended for a mix of internal and external recipients can be
securely delivered to internal recipients with the signature, or one of the
signatures, prepared for external destinations.

The practice of BCCing messages to the author's Sent folder (to spare an IMAP
transfer) would theoretically require a separate transaction and its own
signature with the appropriate rt=. In practice, it is sufficient to just
deliver the message, with the signature it happens to bear (which might be used
for debugging.)

Best
Ale