> > With double signing, you have the ability to distinguish between plain
> > old spammers, and spammers who are screwing around with forwarded
> > mail.  I think that's a useful difference, since it is my impression
> > that the set of malicious mutating forwarders is pretty small because
> > it's a lot of hassle and not a lot of reward.
>
>Unless you have the user's address book to hand, and can thus target
>your shot with a significantly higher percentage of "successes" than
>random spamming.  That's a significant marketing advantage if you're a
>contract spammer (rather than spamming for your own account), I would
>suppose.

For this to work, you somehow need to persuade the real system to send
you a signed message from the address you're planning to abuse.  That
seems like an implausible amount of work.  If you can get the real system
to send you a message to re-sign, why not just have it send the spam?

R's,
John

_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
