On Sun, 11 Dec 2022, Murray S. Kucherawy wrote: > Then from that other account I can spray it to as many recipients as I > want so long as the only thing I change is the envelope.
Since the ISP is doing the signing, you can't stop them from using a signature that protects the To: and Cc: from modification, and in practice everyone already does that. That means the bonus messages you get to send via the hack will have mismatched 822 and 821 recipients, equivalent to a blind-carbon-copy. Blind-carbon-copy is already a sign of spam. Long ago, it was because the bad guys were using open relays, and could spam faster by issuing many RCPT TO:s to the relay in one transaction. (I remember being puzzled back then that most of my spam came "To: [email protected]" rather than my address at the time.). In modern times, you still see it from "Nigerian" scammers who seem to be using real webmail sites and copy-pasting huge address lists into a literal Bcc: field. ---- Michael Deutschmann <[email protected]> _______________________________________________ Ietf-dkim mailing list [email protected] https://www.ietf.org/mailman/listinfo/ietf-dkim
