On 12/13/22 9:06 AM, Evan Burke wrote:


On Tue, Dec 13, 2022 at 8:45 AM Jim Fenton <[email protected]> wrote:

    This is interesting and surprised me a bit. I had expected that
    the senders of the messages being replayed were the large consumer
    mailbox providers, because it would be easy for spammers to hide
    in a large crowd and because the reputation of the large mailbox
    providers is (I expect) fairly bullet-proof just because of their
    size.


I can't speak to whether large consumer mailbox providers' signatures are getting replayed, but with the scale of replay spam we're talking about - on the order of billions per day, at its peak - that's probably enough to make a difference in reputation for even the largest MBPs.

So if they are sending billions of pieces of spam within minutes, say, of getting a piece of mail signed, I don't know what this working group can do about this. Signatures definitionally need to be valid in transport time. And the notion of MDAs stripping the signature doesn't work either, since they'll just send to one that doesn't.

I've always been really skeptical about calling these things "replays" because that is a perfectly valid use of email. The only difference between legitimate and illegitimate is the content, which IETF can't address. There may well be mitigation, but that seems well out of the scope of a standards body like IETF (MAAWG, OTOH, might be a good venue).

Mike
_______________________________________________
Ietf-dkim mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ietf-dkim