On 2/10/23 10:23 AM, Wei Chuang wrote:
Hi all,
I've posted an updated version of the
draft-chuang-dkim-replay-problem-01
<https://datatracker.ietf.org/doc/draft-chuang-dkim-replay-problem/01/>
draft. It cleans up a lot from the -00 rough draft state so hopefully
it's more clear. It builds a case that spammers are exploiting DKIM
through replay, identifies conflicting scenarios, and outlines a
solution space.
Another thing that should probably be discussed is outbound spam
filtering. At a high level, this is really about the sender sending
spam. But email afaik is silent on whether senders or receivers should
filter for spam (and if there is, it would be good to reference it).
Sender filtering is especially pertinent and may well have clues of how
a sender can mitigate it. A breakdown of how spammers defeat that
outbound filtering would be really useful. For example, is the spam
intended for mailboxes on the sending domain (eg, gmail)? Or do they go
through a two stage process where they first get the spam through the
sender, and then test it on the intended receiving domains? All of that
would be really helpful.
Mike
_______________________________________________
Ietf-dkim mailing list
Ietf-dkim@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-dkim