logicallee 2 days ago

Edit: thanks for the clarification.

mzajc 2 days ago

DKIM doesn't decide which headers are signed, the mail server does (in the h= field). Gmail signs both To and From[0], but these don't control the 'real' recipient - the RCPT TO command in SMTP does. The recipient would presumably show wrong in the mail client, but since mailing lists and aliases are a thing, this is not suspicious by default.

[0] h=to:subject:message-id:date:from:mime-version:from:to:cc:subject :date:message-id:reply-to;
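The distinction drawn in the comment above, as an added example that is not part of the original thread: a Python sketch that parses the `h=` tag of a `DKIM-Signature` header and compares the signed `To`/`Cc` addresses with the SMTP envelope recipient. The message, addresses and the `recipient_check` helper are constructed for illustration, only the `h=` value comes from footnote [0], and the signature itself is not verified.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed message: addresses, d=, s=, bh= and b= are placeholders.
# Only the h= value is taken from the comment's footnote [0].
RAW = (
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=selector;\n"
    " h=to:subject:message-id:date:from:mime-version:from:to:cc:subject\n"
    " :date:message-id:reply-to; bh=PLACEHOLDER; b=PLACEHOLDER\n"
    "From: alice@example.com\n"
    "To: bob@example.net\n"
    "Subject: hello\n"
    "\n"
    "body\n"
)

def signed_headers(dkim_value):
    """Header names listed in the h= tag, lower-cased, in signing order."""
    tags = {}
    for part in dkim_value.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = re.sub(r"\s+", "", value)  # undo header folding
    return [h.lower() for h in tags.get("h", "").split(":") if h]

def recipient_check(raw, rcpt_to):
    """Compare the SMTP envelope recipient with what the signature covers."""
    msg = message_from_string(raw)
    signed = signed_headers(msg.get("DKIM-Signature", ""))
    shown = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    # A name listed in h= more often than it occurs in the message also
    # covers the absence of a further instance (RFC 6376, section 5.4).
    extra = sorted({h for h in signed
                    if signed.count(h) > len(msg.get_all(h, []))})
    return {
        "to_signed": "to" in signed,
        "names_listed_beyond_present": extra,
        "envelope_rcpt_in_to_cc": rcpt_to.lower() in {a.lower() for _, a in shown},
    }

if __name__ == "__main__":
    # RCPT TO is a parameter here because it is not part of the signed data.
    for rcpt in ("bob@example.net", "carol@example.org"):
        print(rcpt, recipient_check(RAW, rcpt))
```

Both calls report `to_signed` as true; only `envelope_rcpt_in_to_cc` changes, since the envelope recipient is never an input to the signature.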