On 2/4/23 11:02 AM, Evan Burke wrote:
> On Sat, Feb 4, 2023 at 10:15 AM Michael Thomas <[email protected]> wrote:
>> Marketing email probably does. Whether it's spam or not is often
>> in the eye of the beholder.
>
> Having spent some time in the industry, I can tell you that a
> significant majority of marketing email service providers will deliver
> a unique message, with a unique signature, for each individual
> recipient. DKIM replay, in its most problematic current form, repeats
> one signature, often millions of times or more. Even a very
> approximate count of h= or bh= hashes can be a useful signal to
> distinguish direct vs. replayed signatures.
>
> As I'm sure there are occasional cases where non-replay mail may
> re-use the same signature a substantial number of times, I suspect any
> potential mechanism based on this would need to be optional on both
> the signer and validator side, requiring no changes to existing
> infrastructure unless a signer or validator is interested in
> addressing this type of DKIM replay. Seems like that could satisfy the
> people seeking a solution, and those interested in avoiding any
> breaking changes.

I get tons of mail that's just the same blast to everybody. The larger
point is that we can't preclude that use case especially from a
standards standpoint.
Mike
_______________________________________________
Ietf-dkim mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ietf-dkim
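
Added example, not part of the thread and not any participant's code: a receiver-side sketch of the "very approximate count" idea discussed above, using a count-min sketch so memory stays fixed however many signatures are seen. The choice of key (d=, bh= and b=), the threshold, and all sample header values are assumptions constructed for illustration.

```python
import hashlib
import re

class CountMinSketch:
    """Fixed-memory approximate counter: may overcount, never undercounts."""
    def __init__(self, width=2048, depth=4):
        self.width, self.depth = width, depth
        self.rows = [[0] * width for _ in range(depth)]

    def _slots(self, key):
        for row in range(self.depth):
            digest = hashlib.blake2b(key.encode(), digest_size=8, salt=bytes([row])).digest()
            yield row, int.from_bytes(digest, "big") % self.width

    def add(self, key):
        """Count one sighting of key and return its estimated total."""
        slots = list(self._slots(key))
        for row, col in slots:
            self.rows[row][col] += 1
        return min(self.rows[row][col] for row, col in slots)

def parse_dkim_tags(header_value):
    """Split a DKIM-Signature tag-list, dropping folding whitespace in values."""
    tags = {}
    for part in header_value.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags

def replay_suspects(header_values, threshold):
    """Return {(d=, bh=): estimated count} for signatures seen >= threshold times."""
    sketch, suspects = CountMinSketch(), {}
    for value in header_values:
        tags = parse_dkim_tags(value)
        if "bh" not in tags or "b" not in tags:
            continue  # not a usable signature; skip rather than guess
        # Assumption: key on d=, bh= and b= so only an identical signature matches.
        key = "|".join(tags.get(t, "") for t in ("d", "bh", "b"))
        count = sketch.add(key)
        if count >= threshold:
            suspects[(tags.get("d", ""), tags["bh"])] = count
    return suspects

# Constructed sample: three per-recipient signatures, then one signature seen five times.
SAMPLE = [f"v=1; a=rsa-sha256; d=esp.example; s=s1; h=from:to:subject;\r\n bh=body{i}=; b=sig{i}="
          for i in range(3)]
SAMPLE += ["v=1; a=rsa-sha256; d=bulk.example; s=s1; h=from:subject;\r\n bh=bodyX=; b=sig\r\n Xyz="] * 5

if __name__ == "__main__":
    print(replay_suspects(SAMPLE, threshold=5))
```

A high count here is only a signal to weigh: a sender that signs one message once and sends the same blast to everybody, the use case raised in the reply above, would trip the same counter.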