On Mon, Dec 12, 2022 at 8:49 PM Murray S. Kucherawy <superu...@gmail.com> wrote:
> At a recent meeting where I heard some mass senders talk about this
> problem, the use of "x=" as a mitigation technique was raised. I was
> curious to know what their experience was in terms of (a) success overall,
> but also (b) how broadly they found "x=" to have been properly implemented
> by receivers. I have to admit that was some months ago and now I forget
> the answer; maybe someone else who was there can fill in that blank.
>
> But I'm not sure that "x=" by itself is enough, given that it takes only a
> matter of seconds for the attack to succeed, and it seems unlikely to me
> that the "t=" and "x=" values would ever be that close together.
>

x= is indeed the most effective single defensive technique for many affected senders whose signatures are getting replayed, but yes - in practice it's still "not quite enough" even when combined with multiple other mitigation techniques. That's why we're here; existing solutions come up short.

I can't speak to support for x= broadly, but as mentioned earlier these replays were almost exclusively targeted at end recipients at certain large mailbox providers, and I can confirm those have proper support for x=.
_______________________________________________
Ietf-dkim mailing list
Ietf-dkim@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-dkim
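Added illustration, not part of the original thread: a receiver-side evaluation of the "x=" tag discussed above, following the tag definitions in RFC 6376. The sample header, its timestamps and the function names are constructed for this example; it shows that a message re-sent seconds after signing still falls inside even a one-hour expiry window.

```python
import re

# Constructed sample header value: signed at t=, expires one hour later at x=.
SAMPLE = ("v=1; a=rsa-sha256; d=example.com; s=sel1; t=1670900000; "
          "x=1670903600; h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER")

_TIMESTAMP = re.compile(r"[0-9]{1,12}")  # RFC 6376: t= and x= are 1*12DIGIT


def parse_tags(header_value):
    """Split a DKIM-Signature tag-list into a {name: value} dict."""
    tags = {}
    for part in header_value.split(";"):
        if "=" not in part:
            continue
        name, value = part.split("=", 1)  # values (e.g. base64) may contain '='
        tags[name.strip()] = re.sub(r"\s+", "", value)  # drop folding whitespace
    return tags


def check_expiry(header_value, now, skew=0):
    """Return (verdict, seconds_remaining) for the signature at time `now`.

    `skew` is an assumed receiver-side clock tolerance in seconds.
    """
    tags = parse_tags(header_value)
    x = tags.get("x")
    if x is None:
        return ("no-expiry", None)  # no x= tag: nothing limits replay by time
    if not _TIMESTAMP.fullmatch(x):
        return ("malformed", None)
    t = tags.get("t")
    if t is not None:
        # RFC 6376: x= MUST be greater than t= when both are present.
        if not _TIMESTAMP.fullmatch(t) or int(x) <= int(t):
            return ("malformed", None)
    remaining = int(x) + skew - now
    return ("valid", remaining) if remaining >= 0 else ("expired", remaining)


if __name__ == "__main__":
    # Five seconds after signing the signature is still valid for 3595 s.
    print(check_expiry(SAMPLE, now=1670900005))
    # One second past x= a receiver that enforces expiry rejects it.
    print(check_expiry(SAMPLE, now=1670903601))
```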