basic feature request: database of bodylength recipients
Body length signing is a work around for mailing lists and has weaknesses (rfc4686 4.1.9.). By creating a database of mailing list addresses this can be mitigated by only doing body length signing when the recipient address in the database of email lists.
enhanced feature request: auto population of database
email lists have a unique property that the sender to the email lists is often its recipient.
It may be possible to exploit this to auto populate a database of bodylength recipients.
signed emails are databased temporarily with their bodylength.
if the received emails that matches the following criteria;
From address matches our domain
The From address can be extracted from the return path according to SRS.
A To/CC address matches the top part of the return patch (accounts for to: x.com and return path as lists.x.com)
(other characteristics of email lists)
The DKIM signature fails
The DKIM signature taking into account the databased body length passes.
The To: address in put in the body length database
There after recipients containing the list are only signed using the body length.
Needs some database cleanout method (hourly?)