On 15/11/22 03:01, Alessandro Vesely wrote:

> The exception is a standardised mechanism to allow a sender/signer to
> indicate the [approximate] number of intended recipients, with which
> receivers might make fact-based decisions about when to recognise an
> instance of this particular attack


> For a mailing list, this is totally out of reach, unless the MLM itself is the
> (ARC) signer.

Your statement appears to assume that a message can have only one DKIM signature on it. This is not correct. The party-at-risk is the MLM who does not want to take any action. If they're willing to sign — whether with ARC or DKIM — and include an approximate recipient count, then they've provided potentially useful information for a receiver.

In the context of a replay attack, the important cases are:

1. the MLM does not break the original DKIM signature
2. the MLM applies its own ARC/DKIM signature which is itself used in a
   replay attack


> Even then, when the MLM knows there are 1000 subscribers, should
> it extract the average per domain weight?  I mean if 500 are @gmail.com and
> just 1 is @tana.it, should it extract the right figures for each receiver or
> send a rough total,

As usual, the more help it can give receivers, the better receivers will do. Dividing as you suggest is likely to be useful.


> which smaller mailbox providers cannot use?

Smaller mailbox providers operating without the benefit of security data of some sort, yes.


> BTW, we all know that mailing lists send one message at a time, doing VERP for
> each subscriber.  They can more easily include the recipient in the ARC
> signature.  However, any spammer can do the same.

Right, but this requires disclosing an identity that the spammer is trying to hide. This approach works better for legitimate users than for abusers, which makes it potentially useful.


- Roland
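The two signals discussed in this exchange, a signed approximate recipient count and a per-recipient (VERP) signature, modelled as a small receiver-side check. This is an added example, not code from Roland, Alessandro or the IETF DKIM working group: HMAC stands in for the list's DKIM/ARC signing key, the `rc=` (recipient count for the receiving domain) and `r=` (envelope recipient) tags are invented for this illustration and are not defined by RFC 6376 or RFC 8617, and the headers, addresses and subscriber list are constructed.

```python
import hashlib
import hmac
from collections import Counter

# Constructed demo key: stands in for the MLM's DKIM/ARC private key. HMAC is
# used instead of RSA/Ed25519 so the example runs with the standard library only.
SIGNING_KEY = b"constructed-demo-key"
SIGNED_HEADERS = ("from", "to", "subject", "date", "list-id")

# Constructed sample message, as it would leave the list after expansion.
SAMPLE_HEADERS = {
    "from": "poster@sender.example",
    "to": "ietf-dkim@list.example",
    "subject": "Re: replay attack",
    "date": "Tue, 15 Nov 2022 03:01:00 +0100",
    "list-id": "<ietf-dkim.list.example>",
}


def _canonicalize(headers):
    """Relaxed-style canonicalization: lowercase names, whitespace collapsed."""
    return "\r\n".join(
        f"{name}:{' '.join(headers.get(name, '').split())}" for name in SIGNED_HEADERS
    )


def _mac(headers, tags):
    """Cover the canonical headers plus every tag except b=, as DKIM covers its own header."""
    tag_part = ";".join(f"{k}={v}" for k, v in sorted(tags.items()) if k != "b")
    data = (_canonicalize(headers) + "\r\n" + tag_part).encode()
    return hmac.new(SIGNING_KEY, data, hashlib.sha256).hexdigest()


def sign(headers, recipient_count=None, recipient=None):
    """Return a tag dict modelled on a DKIM-Signature tag list.

    rc= (approximate number of intended recipients at the receiving domain) and
    r= (envelope recipient of this VERP copy) are hypothetical tags invented for
    this example; neither exists in RFC 6376 or RFC 8617.
    """
    tags = {"h": ":".join(SIGNED_HEADERS)}
    if recipient_count is not None:
        tags["rc"] = str(recipient_count)
    if recipient is not None:
        tags["r"] = recipient.lower()
    tags["b"] = _mac(headers, tags)
    return tags


def verify(headers, tags):
    """True if the signature covers these headers and tag values unchanged."""
    return hmac.compare_digest(_mac(headers, tags), tags.get("b", ""))


class Receiver:
    """One mailbox provider, counting copies of each signature it has accepted."""

    def __init__(self):
        self.copies_seen = Counter()

    def accept(self, envelope_rcpt, headers, tags):
        """Return (accepted, reason) for one delivery attempt."""
        if not verify(headers, tags):
            return False, "signature does not verify"
        if "r" in tags and tags["r"] != envelope_rcpt.lower():
            # Per-recipient (VERP) signature: a replay to anyone else fails here.
            return False, "signed for a different envelope recipient"
        self.copies_seen[tags["b"]] += 1
        if "rc" in tags and self.copies_seen[tags["b"]] > int(tags["rc"]):
            # More copies of one signature than the signer said it sent this domain.
            return False, f"copy {self.copies_seen[tags['b']]} exceeds declared rc={tags['rc']}"
        return True, "ok"


def simulate(mode):
    """Deliver a list post to 3 subscribers, then replay it to 5 more addresses.

    mode: "none" (plain signature), "count" (rc= tag) or "verp" (r= tag).
    Returns (accepted, rejected) counts at the receiving domain.
    """
    subscribers = ["a@example.com", "b@example.com", "c@example.com"]
    if mode == "count":
        shared = sign(SAMPLE_HEADERS, recipient_count=len(subscribers))
        legit = [(s, shared) for s in subscribers]
    elif mode == "verp":
        legit = [(s, sign(SAMPLE_HEADERS, recipient=s)) for s in subscribers]
    else:
        shared = sign(SAMPLE_HEADERS)
        legit = [(s, shared) for s in subscribers]
    # The attacker is subscriber a@; they replay their own signed copy to 5 victims.
    captured = legit[0][1]
    replayed = [(f"victim{i}@example.com", captured) for i in range(5)]

    receiver = Receiver()
    accepted = rejected = 0
    for rcpt, tags in legit + replayed:
        ok, _reason = receiver.accept(rcpt, SAMPLE_HEADERS, tags)
        accepted += ok
        rejected += not ok
    return accepted, rejected


if __name__ == "__main__":
    for mode in ("none", "count", "verp"):
        print(mode, simulate(mode))
```

With a plain signature all eight copies are accepted; with either tag the five replayed copies are rejected. Two caveats the code makes visible: the count tag only bounds the total, so if replayed copies arrive before the legitimate ones it is the legitimate copies that get refused, and both tags must be covered by the signature (here they are, which is why editing `rc=` after signing breaks verification), otherwise the replayer simply rewrites them.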

_______________________________________________
Ietf-dkim mailing list
Ietf-dkim@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-dkim
