On Wed 16/Nov/2022 05:32:24 +0100 Roland Turner wrote:
On 15/11/22 03:01, Alessandro Vesely wrote:

The exception is a standardised mechanism to allow a sender/signer to indicate the [approximate] number of intended recipients, with which receivers might make fact-based decisions about when to recognise an instance of this particular attack

For a mailing list, this is totally out of reach, unless the MLM itself is the (ARC) signer.

Your statement appears to assume that a message can have only one DKIM signature on it. This is not correct. The party-at-risk is the MLM who does not want to take any action. If they're willing sign — whether with ARC or DKIM — and include an approximate recipient count then they've provided potentially useful information for a receiver.


Your other message clarified this point.

Subscribers will probably appreciate knowing how many people are lurking on a list.


In the context of a replay attack, the important cases are:

 1. the MLM does not break the original DKIM signature
 2. the MLM applies its own ARC/DKIM signature which is itself used in a replay attack


I fancied an experiment where a MLM offers a per-subscriber choice on whether to munge From: or not. The way I envisaged it was to have users whitelist the ARC/ DKIM signing domain concurrently with their opting for non-munged From:. Mailbox providers could maintain per-user whitelists. But it was rejected by the ISE...


Even then, when the MLM knows there are 1000 subscribers, should it extract the average per domain weight?  I mean if 500 are @gmail.com and just 1 is @tana.it, should it extract the right figures for each receiver or send a rough total,

As usual, the more help it can give receivers, the better receivers will do. Dividing as you suggest is likely to be useful.


Perhaps they could send 500/1000, so that everyone has a good knowledge of the mail flow.


which smaller mailbox providers cannot use?

Smaller mailbox providers operating without the benefit of security data of some sort, yes.


What security data?


BTW, we all know that mailing lists send one message at a time, doing VERP for each subscriber.  They can more easily include the recipient in the ARC signature.  However, any spammer can do the same.

Right, but this requires disclosing an identity that the spammer is trying to hide. This approach works better for legitimate users than for abusers, which makes it potentially useful.


Good point.  We want spammers to take responsibility.


Best
Ale
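An added example, not part of this thread or of any IETF draft, of the receiver-side "fact-based decision" the discussion describes: the signer declares an approximate recipient count in its signature, and the receiver counts how many copies of the same signed message (same d= and b=) it sees, flagging the signature once that count exceeds the declaration by a tolerance factor. The tag name `rc`, the `rc=M/N` form for the per-receiver split (the 500/1000 idea above), and the tolerance factor are assumptions of this example; the headers are constructed, not real signatures.

```python
import re
from collections import Counter

# Assumed tag name: the thread proposes a declared recipient count but names no tag.
COUNT_TAG = "rc"

def parse_tags(header_value):
    """Parse a DKIM-Signature / ARC-Message-Signature tag=value list (RFC 6376 3.2)."""
    tags = {}
    for field in header_value.split(";"):
        if "=" not in field:
            continue
        name, value = field.split("=", 1)
        tags[name.strip()] = re.sub(r"\s+", "", value)  # folding whitespace is not significant
    return tags

def declared_count(tags):
    """Assumed syntax: rc=N is the total intended recipients; rc=M/N (the 500/1000
    form) means M of the N recipients are at this receiver, so M is the local bound."""
    raw = tags.get(COUNT_TAG)
    if raw is None:
        return None
    return int(raw.split("/", 1)[0])

class ReplayDetector:
    """Counts deliveries per (d=, b=) and flags a signature once the number of
    copies seen exceeds the declared recipient count times a tolerance factor."""
    def __init__(self, tolerance=2.0):
        self.seen = Counter()
        self.tolerance = tolerance

    def observe(self, header_value):
        tags = parse_tags(header_value)
        key = (tags.get("d"), tags.get("b"))  # same signer and signature value: same message
        self.seen[key] += 1
        declared = declared_count(tags)
        if declared is None:
            return None  # nothing declared: no fact-based decision is possible
        return self.seen[key] > declared * self.tolerance

# Constructed sample headers; b= values are placeholders, not real signatures.
SAMPLE = [
    "v=1; a=rsa-sha256; d=list.example; s=k1; rc=500/1000; b=AAAA",
    "v=1; a=rsa-sha256; d=list.example; s=k1; rc=500/1000; b=AAAA",
    "v=1; a=rsa-sha256; d=spam.example; s=k1; rc=1; b=BBBB",
    "v=1; a=rsa-sha256; d=spam.example; s=k1; rc=1; b=BBBB",
    "v=1; a=rsa-sha256; d=spam.example; s=k1; rc=1; b=BBBB",
    "v=1; a=rsa-sha256; d=legacy.example; s=k1; b=CCCC",
]

def run_sample(tolerance=2.0):
    """One verdict per delivery: True = over the declared bound, None = undeclared."""
    det = ReplayDetector(tolerance)
    return [det.observe(h) for h in SAMPLE]
```

With the sample above, the third copy of the message declared for one recipient is the first to be flagged, while the list message stays well within its declared share.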
_______________________________________________
Ietf-dkim mailing list
Ietf-dkim@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-dkim