> On 10 Nov 2022, at 13:17, Murray S. Kucherawy <superu...@gmail.com> wrote:
> 
> On Thu, Nov 10, 2022 at 12:54 PM Laura Atkins <la...@wordtothewise.com> wrote:
> In many cases, the reason the mail isn’t going out through the signing domain 
> is because the signing domain’s anti-spam heuristics are good enough that the 
> sender couldn’t maintain an account there long enough to send out any volume 
> of email. That’s why the domain has a good reputation - because they block 
> spam off their network. This is a way to steal the good reputation from the 
> good ESP. 
> 
> Interesting.  Almost seems like "SPF against the signing domain" could be a 
> win, except for all the usual forwarding concerns.

I think a lot of it is being blocked and the receiving orgs are aware it’s 
happening and the replays are not contributing that much to the actual 
reputation of the originating domain. Certainly, what I’m hearing from the 
folks who are being used as the signer for the replay is they’re not seeing a 
whole lot of impact on delivery and reputation. 

> 2) The messages often have two different To: lines
> 
> This violates RFC 5322, so it would be easy to filter these out, except that 
> we would need to know how common and tolerated this is today among legitimate 
> messages.

Yup. I believe replay attacks are one of the things driving the current 
increase in ‘this message violates the RFCs, fix your stuff and try again 
later’ rejections by the big mailbox providers. 

-- 
The Delivery Experts

Laura Atkins
Word to the Wise
la...@wordtothewise.com         

Email Delivery Blog: http://wordtothewise.com/blog      

_______________________________________________
Ietf-dkim mailing list
Ietf-dkim@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-dkim
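
The duplicate-header check discussed in the thread above, as an added example that is not part of the original message: it counts RFC 5322 singleton fields in a raw message and, going one step beyond the thread, reports how many instances of a duplicated field are not listed in the DKIM-Signature `h=` tag. The sample message, its domains, and the function names are constructed for illustration.

```python
import email
import re

# RFC 5322 section 3.6: fields that may appear at most once in a message.
SINGLETON_FIELDS = ("date", "from", "sender", "reply-to", "to", "cc", "bcc",
                    "message-id", "in-reply-to", "references", "subject")

# Constructed sample: one signed To: plus a second To: (bh/b are placeholders).
SAMPLE = (
    "DKIM-Signature: v=1; a=rsa-sha256; d=esp.example; s=sel1;\n"
    " h=from:to:subject:date; bh=PLACEHOLDER; b=PLACEHOLDER\n"
    "From: sender@esp.example\n"
    "To: original@recipient.example\n"
    "To: other@recipient.example\n"
    "Subject: constructed sample\n"
    "Date: Thu, 10 Nov 2022 13:17:00 +0000\n"
    "\n"
    "body\n"
)

def duplicated_singletons(raw_message):
    """Return {field: count} for singleton fields that appear more than once."""
    msg = email.message_from_string(raw_message)
    found = {}
    for name in SINGLETON_FIELDS:
        count = len(msg.get_all(name, []))
        if count > 1:
            found[name] = count
    return found

def unsigned_instances(raw_message):
    """Return {field: n}: n instances of a duplicated singleton field exceed
    the number of times that field is named in the first signature's h= tag."""
    msg = email.message_from_string(raw_message)
    sig = msg.get("DKIM-Signature", "")
    # Match the h= tag only (not bh=); the value may be folded across lines.
    m = re.search(r"(?:^|;)\s*h\s*=\s*([^;]*)", sig)
    signed = [h.strip().lower() for h in m.group(1).split(":")] if m else []
    result = {}
    for name, count in duplicated_singletons(raw_message).items():
        extra = count - signed.count(name)
        if extra > 0:
            result[name] = extra
    return result

if __name__ == "__main__":
    print(duplicated_singletons(SAMPLE), unsigned_instances(SAMPLE))
```
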
