On 12/11/22 12:52 PM, Murray S. Kucherawy wrote:
> On Sun, Dec 11, 2022 at 12:34 PM Michael Thomas <m...@mtcc.com> wrote:
>> Re: stripping signatures, all the attacker needs to do is either
>> send it to a service that doesn't strip signatures or use their
>> own MTA. Trivially avoidable, and a Maginot Line of epic narrowness.
>
> Right, I think this is an aspect of that proposal that warrants
> further debate. I think the argument is compelling, but it's clearly
> not bulletproof.

If all it requires is setting up a free tier VM camping on port 25, it
is no solution at all.

>> As for resolution: the first obvious one is to not send spam in
>> the first place. That is the root of the problem. The second is
>> that Bcc's can be treated with more suspicion. Neither of these
>> needs the working group to do anything.
>
> I think this is easier said than done. In the example I gave, "don't
> send spam in the first place" reduces to "make sure your users are
> 100% trustworthy or that your outbound spam filters are 100%
> accurate", which strikes me as an impossible bar to meet.

I'm going to assume that the attackers will need to iterate to find a
piece of mail that passes their filters. That is signal right there that
abuse is likely. Perhaps an exponential backoff could be employed when
outbound spam is detected. Sort of like a 4xx "try later".

But the BCC aspect is interesting too. Don't providers already view
things with massive rcpt-to (bcc's) suspiciously?

Mike
_______________________________________________
Ietf-dkim mailing list
Ietf-dkim@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-dkim