[ietf-dkim] BCC Recipients
Hallam-Baker, Phillip
pbaker at verisign.com
Tue Aug 23 12:17:48 PDT 2005
> This doesn't help for BCC recipients at the same domain.
The only way to sign BCC in my view is to provide a per user signature
constructed by means of an HMAC.
For example message is "Hello World", Sending it to dot at dotat.at
So I construct a BCC identifier HMAC ("dot at dotat.at", SHA1("Hello
World"))
Or something of that nature. That means that the BCC recipient can
verify it was sent to them while preventing any To: or CC: recipient
knowing anything more than that there is a BCC.
More information about the ietf-dkim
mailing list