On Fri, Mar 23, 2018 at 8:19 AM, Tim Hollebeek <[email protected]> wrote:
> > > to (easy with e.g. Postfix header_checks): > > > > Require-TLS: NO > > Subject: [insecure-delivery]: actual subject > > > > or (not easy with header_checks, but hides the subject tag): > > > > Require-TLS: NO > > Subject: actual subject > > Of course, someone could add the [insecure-delivery] to the > subject using an MTA that doesn't add Require-TLS, potentially > fooling someone, but I don't offhand see any serious security > consequences of being able to falsely claim your message > was delivered insecurely, when it wasn't. > If the message is DKIM signed at the origin, then tampering with the Subject header field will be verboten under most signing practices which include the Subject header. --Kurt
_______________________________________________ Uta mailing list [email protected] https://www.ietf.org/mailman/listinfo/uta
