This doesn't help for BCC recipients at the same domain.
The only way to sign BCC in my view is to provide a per user signature
constructed by means of an HMAC.
For example message is "Hello World", Sending it to dot(_at_)dotat(_dot_)at
So I construct a BCC identifier HMAC ("dot(_at_)dotat(_dot_)at", SHA1("Hello
World"))
Or something of that nature. That means that the BCC recipient can
verify it was sent to them while preventing any To: or CC: recipient
knowing anything more than that there is a BCC.
_______________________________________________
ietf-dkim mailing list
http://dkim.org