It would be impolite to name names at this stage, and the appropriate time to talk publicly about details is once those sending platforms have begun signing the fields recommended in the RFC. That said, I'm sure you can imagine the kinds of problems key unsigned headers might pose in the context of DKIM replay.
On Mon, Apr 14, 2025 at 9:08 PM Dave Crocker <d...@dcrocker.net> wrote: > On 4/14/2025 11:41 PM, Burke, Evan wrote: > > Regardless of the specific words we may use to describe it, I've seen some > very large email platforms omit some important headers in their DKIM > signatures - headers explicitly recommended by the DKIM RFC - and I've seen > that absence enable real-world abuse. > > > Please provide specifics. > > d/ > > -- > Dave Crocker > > Brandenburg InternetWorkingbbiw.net > bluesky: @dcrocker.bsky.social > mast: @dcrocker@mastodon.social > >
_______________________________________________ Ietf-dkim mailing list -- ietf-dkim@ietf.org To unsubscribe send an email to ietf-dkim-le...@ietf.org
