▲ | btown a day ago | ||||||||||||||||
How would this work with mailing lists/groups? A common pattern is to have emails from third parties to e.g. accounts-payable@example.com be auto-forwarded to members of the relevant team. Would the end recipient team member's receiving system need to be set to "trust" the mailing list forwarder, or internally track what lists it is on to be able to understand that the original recipient accounts-payable is a valid recipient? | |||||||||||||||||
▲ | brongondwana a day ago | parent [-] | ||||||||||||||||
Glad you asked! In a similar way to ARC (but better). The mailing list/group would add its own signature, and potentially a Delta-Body or Delta-Headers describing what changes it made (so that the verifier could undo the changes and verify the original signature, plus determine which changes were made by which hop). So you'd have something like: DKIM2: i=1; mf=sender@trusted.com; rt=accounts-payable@example.com; d=trusted.com DKIM2: i=2; mf=bounce@example.com; rt=me@mydomain.com; d=example.com So I could tell that the message came through example.com, and verify their signature on the message, as well as verify that trusted.com had intended the message to go to example.com in the previous hop. | |||||||||||||||||
|