On Sun, Dec 11, 2022 at 1:41 PM Michael Thomas <[email protected]> wrote:
> > But the BCC aspect is interesting too. Don't providers already view things
> > with massive rcpt-to (bcc's) suspiciously?
> >
> That's easy to evade: Send a spam message to yourself only. That has the
> signature. Now capture that from your inbox and replay it from a different
> server to any number of recipients, using any number of envelopes, to your
> heart's content. Won't pass SPF, but it passes DKIM. If the receiver
> values DKIM more, or only cares if one passes, you win.
>
> No, I mean that if the number of RCPT-TO's is large, it's suspicious. Even
> if they do individual SMTP transactions it will have the same (signed)
> Message-Id so that's not evadeable either in theory.
>

In the transaction where the signature is applied, there's only one envelope
recipient. When I'm executing the attack, I could do one envelope per
recipient if I'm worried about being detected that way. If Message-ID isn't
covered by the header hash, it can be unique per envelope.

There was a suggestion that the "bh=" could be required to be unique per MX
to avoid replays, but that becomes a potentially gigantic hash table, so now
there's a resource problem imposed on the receiver/verifier. Even if you key
it on Message-ID, you have the same resource problem.

-MSK
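The per-verifier "seen bh=" table weighed in the message above, and the resource problem it carries, as an added Python sketch that is not from the list thread or from any DKIM implementation: the cache is keyed on (d=, bh=), bounded by entry count and age so it cannot grow without limit, and fed constructed DKIM-Signature values (the domain, hash and signature strings are made up).

```python
import re
from collections import OrderedDict

TAG_RE = re.compile(r"(?:^|;)(d|bh)=([^;]*)")

def parse_dkim_tags(header_value: str) -> dict:
    """Pull the d= and bh= tags out of a DKIM-Signature value (folding whitespace removed)."""
    return dict(TAG_RE.findall(re.sub(r"\s+", "", header_value)))

class ReplayCache:
    """Bounded, time-limited memory of (d=, bh=) pairs this verifier has already accepted.

    max_entries and ttl_seconds are what keep the table from growing with every
    distinct signed message ever seen; the price is that a replay older than the
    window, or pushed out by volume, is not recognised.
    """
    def __init__(self, max_entries: int = 100_000, ttl_seconds: int = 7 * 86400):
        self.max_entries = max_entries
        self.ttl = ttl_seconds
        self._seen = OrderedDict()  # (domain, bh) -> [first_seen, count], oldest first

    def observe(self, domain: str, bh: str, now: float) -> int:
        """Record one delivery attempt and return how many times this pair has now been seen."""
        key = (domain.lower(), bh)
        while self._seen:  # drop entries whose first sighting is older than the window
            _, (first_seen, _) = next(iter(self._seen.items()))
            if now - first_seen <= self.ttl:
                break
            self._seen.popitem(last=False)
        if key in self._seen:
            self._seen[key][1] += 1
        else:
            if len(self._seen) >= self.max_entries:
                self._seen.popitem(last=False)  # evict the oldest rather than grow without bound
            self._seen[key] = [now, 1]
        return self._seen[key][1]

    def __len__(self) -> int:
        return len(self._seen)

# Constructed sample headers (made-up domain, hash and signature values): the first is
# replayed in three separate envelopes, the second is a different signed message.
SIG_A = "v=1; a=rsa-sha256; d=example.com; s=sel; bh=AbCdEf123=; h=from:to:subject; b=MIIB..."
SIG_B = "v=1; a=rsa-sha256; d=example.com; s=sel; bh=ZzYyXx987=; h=from:to:subject; b=MIIC..."

def replay_counts(headers, now: float, cache: ReplayCache = None) -> list:
    """Feed DKIM-Signature values through one cache; a count above 1 is a candidate replay."""
    cache = cache if cache is not None else ReplayCache()
    return [cache.observe(t["d"], t["bh"], now) for t in map(parse_dkim_tags, headers)]
```

A small max_entries or short ttl_seconds shows the trade-off directly: the table stays bounded, but a pair evicted or expired before its replay arrives is counted as new again.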
_______________________________________________
Ietf-dkim mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ietf-dkim
