On 17/11/22 04:59, Alessandro Vesely wrote:

> In the context of a replay attack, the important cases are:
> 1. the MLM does not break the original DKIM signature
> 2. the MLM applies its own ARC/DKIM signature which is itself used in a replay
>    attack


> I fancied an experiment where an MLM offers a per-subscriber choice on whether
> to munge From: or not.  The way I envisaged it was to have users whitelist the
> ARC/DKIM signing domain concurrently with their opting for non-munged From:.
> Mailbox providers could maintain per-user whitelists.  But it was rejected by
> the ISE...

That's a lot of moving parts. Quite apart from needing mailbox providers to provide a means to do this, it requires that the user making the munging decision act in concert with all of the other list subscribers (if I specify non-munging then all other subscribers must whitelist in order to receive my posts), which doesn't seem at all feasible.


>> which smaller mailbox providers cannot use?
> Smaller mailbox providers operating without the benefit of security data of
> some sort, yes.


> What security data?

Whatever a data provider might provide that's helpful. Most server-side anti-spam products already include some sort of data exchange (or at least feed) to allow decision-making by small receivers to be supported by a much broader picture of the behaviour of abusers than they can obtain from their own logs.


- Roland


_______________________________________________
Ietf-dkim mailing list
Ietf-dkim@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-dkim