On Sat, Feb 4, 2023 at 11:07 AM Michael Thomas <[email protected]> wrote:
> On 2/4/23 11:02 AM, Evan Burke wrote:
>
> On Sat, Feb 4, 2023 at 10:15 AM Michael Thomas <[email protected]> wrote:
>
>> Marketing email probably does. Whether it's spam or not is often in the
>> eye of the beholder.
>>
>
> Having spent some time in the industry, I can tell you that a significant
> majority of marketing email service providers will deliver a unique
> message, with a unique signature, for each individual recipient. DKIM
> replay, in its most problematic current form, repeats one signature, often
> millions of times or more. Even a very approximate count of h= or bh=
> hashes can be a useful signal to distinguish direct vs. replayed
> signatures.
>
> As I'm sure there are occasional cases where non-replay mail may re-use
> the same signature a substantial number of times, I suspect any potential
> mechanism based on this would need to be optional on both the signer and
> validator side, requiring no changes to existing infrastructure unless a
> signer or validator is interested in addressing this type of DKIM replay.
> Seems like that could satisfy the people seeking a solution, and those
> interested in avoiding any breaking changes.
>
>
> I get tons of mail that's just the same blast to everybody. The larger
> point is that we can't preclude that use case especially from a standards
> standpoint.
>

I agree with that larger point, and I noted that in my second sentence above.
_______________________________________________
Ietf-dkim mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ietf-dkim
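
The signature-counting signal discussed in the thread above, sketched as an added example (not code from the thread or from any DKIM implementation). It assumes a receiver keys each `DKIM-Signature` on its `d=`, `bh=` and `b=` values; the function names, the threshold and the sample headers are constructed for illustration.

```python
import re
from collections import Counter


def parse_dkim_tags(header_value):
    """Parse a DKIM-Signature tag-list (RFC 6376, section 3.2) into a dict."""
    tags = {}
    for part in header_value.split(";"):
        if "=" not in part:
            continue
        name, value = part.split("=", 1)  # base64 padding '=' stays in value
        # Folding whitespace inside tag values (b=, bh=) is not significant.
        tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags


def signature_key(header_value):
    """Assumed identity of one signature: signing domain, body hash, signature."""
    tags = parse_dkim_tags(header_value)
    return (tags.get("d", "").lower(), tags.get("bh", ""), tags.get("b", ""))


def find_repeated(signature_headers, threshold):
    """Return {key: count} for signatures seen at least `threshold` times.

    A high count is a signal, not a verdict: as the thread notes, some
    legitimate mail is signed once and sent unchanged to many recipients.
    """
    counts = Counter(signature_key(h) for h in signature_headers)
    return {key: n for key, n in counts.items() if key[2] and n >= threshold}


# Constructed sample: one unique signature per recipient (direct delivery) ...
DIRECT = [
    f"v=1; a=rsa-sha256; d=esp.example; s=s1; h=from:to:subject; "
    f"bh=BODY{i}=; b=SIG{i}=="
    for i in range(4)
]
# ... and one signature seen five times, folded differently in transit.
REPEATED = [
    "v=1; a=rsa-sha256; d=brand.example; s=k1; h=from:subject;\r\n"
    " bh=QkhTQU1F=; b=UkVQ\r\n TEFZ",
    "v=1; a=rsa-sha256; d=brand.example; s=k1; h=from:subject; "
    "bh=QkhTQU1F=; b=UkVQTEFZ",
] * 2 + ["v=1;a=rsa-sha256;d=Brand.Example;s=k1;h=from:subject;bh=QkhTQU1F=;b=UkVQTEFZ"]

if __name__ == "__main__":
    for key, n in find_repeated(DIRECT + REPEATED, threshold=3).items():
        print(f"d={key[0]} b={key[2][:16]} seen {n} times")
```
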
