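% Internet-Draft (revision 01) on DKIM replay and next-hop path signalling.
% The entry itself marks it "Work in Progress": cite it as a draft, not as a
% standard, and check the datatracker URL for later revisions before relying
% on it.
% NOTE(review): the abstract is kept verbatim. The phrase "sent to a different
% envelope sender" reads oddly, since replay is usually described as a change
% of envelope recipient. Confirm against the draft text before quoting.
@techreport{gondwana-email-mailpath-01,
  author      = {Gondwana, Bron},
  title       = {Email extension for specifying the next hop path for delivery},
  type        = {Internet-Draft},
  number      = {draft-gondwana-email-mailpath-01},
  institution = {Internet Engineering Task Force},
  publisher   = {Internet Engineering Task Force},
  year        = 2022,
  month       = oct,
  day         = 10,
  pagetotal   = 6,
  note        = {Work in Progress},
  url         = {https://datatracker.ietf.org/doc/draft-gondwana-email-mailpath/01/},
  abstract    = {Much work has been put into adding authentication methods (DKIM, ARC), source verification (SPF) and policy support (DMARC) to email flows, however all these specifications have focused on looking backwards through email flow only, and only add new headers to messages, causing them all to be susceptible to replay or re-use. In particular, in early 2022, a type of attack called "DKIM Replay" was widely seen, where correctly DKIM-signed messages were sent to a different envelope sender. The "To" address would not be aligned, but such messages can also be the result of legitimate mailflow, so these messages were delivered to end-recipient mailboxes, and caused reputation issues for the signers of the original message.},
}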