On Sat, Feb 4, 2023 at 10:15 AM Michael Thomas <m...@mtcc.com> wrote:
> Marketing email probably does. Whether it's spam or not is often in the > eye of the beholder. > Having spent some time in the industry, I can tell you that a significant majority of marketing email service providers will deliver a unique message, with a unique signature, for each individual recipient. DKIM replay, in its most problematic current form, repeats one signature, often millions of times or more. Even a very approximate count of h= or bh= hashes can be a useful signal to distinguish direct vs. replayed signatures. As I'm sure there are occasional cases where non-replay mail may re-use the same signature a substantial number of times, I suspect any potential mechanism based on this would need to be optional on both the signer and validator side, requiring no changes to existing infrastructure unless a signer or validator is interested in addressing this type of DKIM replay. Seems like that could satisfy the people seeking a solution, and those interested in avoiding any breaking changes.
_______________________________________________ Ietf-dkim mailing list Ietf-dkim@ietf.org https://www.ietf.org/mailman/listinfo/ietf-dkim