[ietf-dkim] BCC Recipients

william(at)elan.net william at elan.net
Tue Aug 23 12:32:37 PDT 2005


On Tue, 23 Aug 2005, Hallam-Baker, Phillip wrote:

>> This doesn't help for BCC recipients at the same domain.
>
> The only way to sign BCC in my view is to provide a per user signature
> constructed by means of an HMAC.
>
> For example message is "Hello World", Sending it to dot at dotat.at
>
> So I construct a BCC identifier HMAC ("dot at dotat.at", SHA1("Hello
> World"))
>
> Or something of that nature. That means that the BCC recipient can
> verify it was sent to them while preventing any To: or CC: recipient
> knowing anything more than that there is a BCC.

While it's a cool idea, I fear it may not be 100% doable, because when the
message is sent to a bcc recipient, the address originally in bcc (and which
becomes the address in 2821 RCPT TO) may not be the final address seen in
RCPT TO when the message is delivered (i.e. if the message is further forwarded, for example).

BTW - why HMAC? You could do just SHA1("dog at dotat.at","Hello World")

-- 
William Leibzon
Elan Networks
william at elan.net
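
Added example, not part of the original message: a Python sketch of the two per-recipient tags discussed in this thread, showing that either one stops verifying once forwarding changes the envelope address. Treating the address as the HMAC key, the NUL separator in the plain hash, and the `forwarded.example` address are assumptions made for illustration.

```python
import hashlib
import hmac

def tag_hmac(address: str, body: bytes) -> str:
    """HMAC-SHA1 over SHA1(body), keyed with the recipient address.
    Assumption: this is one reading of HMAC("addr", SHA1(body)) in the quoted text."""
    digest = hashlib.sha1(body).digest()
    return hmac.new(address.encode(), digest, hashlib.sha1).hexdigest()

def tag_plain(address: str, body: bytes) -> str:
    """Plain SHA1 over address and body, as the reply suggests.
    Assumption: a NUL byte separates the two fields so they cannot run together."""
    return hashlib.sha1(address.encode() + b"\x00" + body).hexdigest()

def verify(tag: str, rcpt: str, body: bytes, scheme) -> bool:
    """Recompute the tag for the address the recipient sees and compare."""
    return hmac.compare_digest(tag, scheme(rcpt, body))

def matching_addresses(tag: str, addresses, body: bytes, scheme):
    """Return the addresses from a delivery path for which the tag verifies."""
    return [a for a in addresses if verify(tag, a, body, scheme)]

# Constructed sample data: body and original address follow the thread's example,
# the forwarding target is made up.
BODY = b"Hello World"
ORIGINAL = "dot@dotat.at"
FORWARDED = "dot@forwarded.example"

if __name__ == "__main__":
    for name, scheme in (("hmac", tag_hmac), ("plain", tag_plain)):
        tag = scheme(ORIGINAL, BODY)           # computed by the sender at submission
        print(name, tag)
        print("  original RCPT TO verifies: ", verify(tag, ORIGINAL, BODY, scheme))
        print("  forwarded RCPT TO verifies:", verify(tag, FORWARDED, BODY, scheme))
        print("  addresses that verify:     ",
              matching_addresses(tag, [FORWARDED, ORIGINAL], BODY, scheme))
```

A recipient behind a forwarder can only verify if it still knows the address the sender originally used, for example by trying each address on the delivery path as `matching_addresses` does.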

