On Tue, Nov 15, 2016 at 08:07:38AM +0900, Murray S. Kucherawy wrote:
This is not reversible so nothing is leaked, but as we've all conceded by now
it's not hard to attack this to recover the hashed address especially since
one
might have good guesses as to what that address would be.
I can think of scenarios where the mere fact that someone is BCC'd is
something you don't want to be known.
If we're concerned about BCC - and I kind of think we should be - then
how about telling senders who care to include all To:, Cc:, Resent-To:
etc. headers to the DKIM signature and to create a separate copy, with a
separate signature, for each BCC'd recipient, which includes a Bcc:
header which is also signed.
DMARC may be a good way for senders to show they care, in other words
for a domain owner to say: if you receive an email signed by us and the
receipient is not in one of the following headers, or that header isn't
signed, the message was relayed or replayed.
Martijn.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html