On Tue, Dec 13, 2022 at 8:45 AM Jim Fenton <[email protected]> wrote:
> This is interesting and surprised me a bit. I had expected that the > senders of the messages being replayed were the large consumer mailbox > providers, because it would be easy for spammers to hide in a large crowd > and because the reputation of the large mailbox providers is (I expect) > fairly bullet-proof just because of their size. I can't speak to whether large consumer mailbox providers' signatures are getting replayed, but with the scale of replay spam we're talking about - on the order of billions per day, at its peak - that's probably enough to make a difference in reputation for even the largest MBPs. > Is there anything that you can say about the types of domains whose > reputations are suffering as a result of replay attacks? Are they, for > example, small consumer mailbox providers, email sending providers, or > services that for some reason allow third parties to send (presumably > transactional) email through their servers? > Predominantly ESPs, but really anyone with substantial sending volume and good reputation on the d= domain. ESPs seem to be the primary target because they tend to have the highest sending volume, so the attacker can send more replays before reputation and deliverability degrade.
_______________________________________________ Ietf-dkim mailing list [email protected] https://www.ietf.org/mailman/listinfo/ietf-dkim
