On Sun, Mar 19, 2023 at 11:04 PM Emanuel Schorsch <emschorsch= 40google....@dmarc.ietf.org> wrote:
> In my mind, there are two important things I would like to see achieved: > > 1) Distinguish indirect from direct flows (encode in some way which server > / mailingList the original DKIM message was intended to come from). This is > needed for domains that aren't easily identifiable as direct flows (SPF > isn't aligned by DKIM in the direct case). > Wasn't ARC meant to solve this? What have the results been? > 2) Give more info to identify benign indirect flows (E.g. "forwarded on > behalf of"). This is helpful for recognizing a recipient's desired indirect > flows. > I'm pretty sure this is easily spoofed. So is any sort of tagging or header field manipulation mechanism. The spammer just needs to make its mail look sufficiently like something you consider legitimate, and they're in. -MSK
_______________________________________________ Ietf-dkim mailing list Ietf-dkim@ietf.org https://www.ietf.org/mailman/listinfo/ietf-dkim
