On Tue, Nov 15, 2016 at 08:07:38AM +0900, Murray S. Kucherawy wrote: > This is not reversible so nothing is leaked, but as we've all conceded by now > it's not hard to attack this to recover the hashed address especially since > one > might have good guesses as to what that address would be.
I can think of scenarios where the mere fact that someone is BCC'd is something you don't want to be known. If we're concerned about BCC - and I kind of think we should be - then how about telling senders who care to include all To:, Cc:, Resent-To: etc. headers to the DKIM signature and to create a separate copy, with a separate signature, for each BCC'd recipient, which includes a Bcc: header which is also signed. DMARC may be a good way for senders to show they care, in other words for a domain owner to say: if you receive an email signed by us and the receipient is not in one of the following headers, or that header isn't signed, the message was relayed or replayed. Martijn. _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html