On Sun, Dec 11, 2022 at 12:34 PM Michael Thomas <[email protected]> wrote:
> Re: stripping signatures, all the attacker needs to do is either send it > to a service that doesn't strip signatures or use their own MTA. Trivially > avoidable, and a Maginot Line of epic narrowness. > Right, I think this is an aspect of that proposal that warrants further debate. I think the argument is compelling, but it's clearly not bulletproof. > As for resolution: the first obvious one is to not send spam in the first > place. That is the root of the problem. The second is that Bcc's can be > treated with more suspicion. Neither of these needs the working group to do > anything. > I think this is easier said than done. In the example I gave, "don't send spam in the first place" reduces to "make sure your users are 100% trustworthy or that your outbound spam filters are 100% accurate", which strikes me as an impossible bar to meet. The alternative is to say: Well, if you can't make at least one of those two quantities bulletproof, then don't sign your mail. That, though, sounds a lot to me like tossing DKIM in the bin. -MSK
_______________________________________________ Ietf-dkim mailing list [email protected] https://www.ietf.org/mailman/listinfo/ietf-dkim
