On Wed, Feb 15, 2023 at 10:49 PM Evan Burke <evan.bu...@mailchimp.com> wrote:
> >> I don't think we're saying different things. I remember the point of the
> >> answer I got in that session being that most, but not all, implementations
> >> check or enforce signature expiration. But that means if "x=" is the
> >> solution we land on, we have to accept that a possibly-significant part of
> >> the ecosystem won't be able to use that solution.
> >>
> >> Then again, anything new we roll out is going to take a while to become
> >> universal anyway.
> >
>
> The short version is that x= works where it matters at the moment. As far
> as I've seen and heard from others, DKIM replay spam currently focuses
> heavily on replaying to recipients at just a few of the top 10 global
> mailbox providers. This is for reasons of economies of scale - roughly
> speaking, it might be viable to spend 1000 hours finding a way through the
> filters of a provider operating 200 million mailboxes, where it is not for
> a provider hosting 20 million. This is part of why I don't think we'll see
> replay attacks expand significantly to more domains; replay is just one
> ingredient in a larger spam recipe that takes a lot of other fine-tuning to
> achieve its intended effect.

If my prior formulation is right, i.e., that the attack only takes a few
seconds to complete, what "x=" value are we proposing that will work here
without also bringing undesirable side effects?

-MSK
_______________________________________________
Ietf-dkim mailing list
Ietf-dkim@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-dkim
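The trade-off MSK is asking about can be made concrete by applying the RFC 6376 "x=" rule to a signature and timing a replay against it. The following is an added illustration, not code from the list, from any DKIM verifier, or from the participants; the DKIM-Signature header, the t= value, the 3-second replay delay, the 4-hour legitimate delivery delay and the 300-second clock-skew allowance are all constructed assumptions. The b=/bh= values are placeholders because only the timing tags matter for the x= decision.

```python
"""Added example: how an x= (signature expiration) window interacts with
DKIM replay timing.  Constructed data throughout; not from any real
message or implementation."""
import re

SIGNED_AT = 1_676_500_000   # constructed "t=" value, epoch seconds


def build_header(t, x):
    """Return a constructed, folded DKIM-Signature header with given t=/x=."""
    return (
        "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;\r\n"
        "\td=example.com; s=sel; h=from:to:subject:date;\r\n"
        f"\tt={t}; x={x};\r\n"
        "\tbh=placeholder=; b=placeholder="
    )


def parse_tags(header):
    """Parse an RFC 6376 tag=value list into a dict.

    Folding whitespace is stripped first; it is insignificant for the
    numeric tags examined here (verifiers strip it from b= as well).
    """
    body = header
    if header.lower().startswith("dkim-signature:"):
        body = header.split(":", 1)[1]
    body = re.sub(r"\s+", "", body)
    tags = {}
    for item in body.split(";"):
        if not item:
            continue                     # tolerate a trailing ';'
        name, sep, value = item.partition("=")
        if not sep:
            raise ValueError(f"malformed tag: {item!r}")
        tags[name] = value
    return tags


def expiration_verdict(tags, verify_time, clock_skew=300):
    """Apply the x= rule from RFC 6376 section 3.5 at verify_time.

    Returns "no-expiration" (no x= tag, nothing to enforce), "malformed"
    (x= not greater than t=, which the RFC forbids), "expired", or "pass".
    clock_skew is an assumed verifier-side tolerance for a signer whose
    clock runs slow; the 300 s default is an assumption, not a spec value.
    """
    if "x" not in tags:
        return "no-expiration"
    x = int(tags["x"])
    if "t" in tags and x <= int(tags["t"]):
        return "malformed"
    return "expired" if verify_time > x + clock_skew else "pass"


def simulate(window, replay_delay, legit_delay, clock_skew=0):
    """Outcome of one x= window against a fast replay and a slow legit copy.

    window:       seconds between t= and x= that the signer would choose.
    replay_delay: seconds from signing until the replayed copy reaches the
                  target verifier (MSK's question assumes this is small).
    legit_delay:  seconds a legitimate copy may be held up by queueing,
                  greylisting or an outage before the same verifier sees it.
    """
    tags = parse_tags(build_header(SIGNED_AT, SIGNED_AT + window))
    replay = expiration_verdict(tags, SIGNED_AT + replay_delay, clock_skew)
    legit = expiration_verdict(tags, SIGNED_AT + legit_delay, clock_skew)
    return {
        "window": window,
        "replay_accepted": replay == "pass",
        "legit_accepted": legit == "pass",
    }


def main():
    replay_delay = 3             # "a few seconds", per the question above
    legit_delay = 4 * 3600       # constructed: a greylisted / retried delivery
    print(f"{'x= window':>10}  {'replay accepted':>15}  {'4h-late legit accepted':>22}")
    for window in (2, 60, 3600, 86_400):
        r = simulate(window, replay_delay, legit_delay)
        print(f"{window:>10}  {str(r['replay_accepted']):>15}  "
              f"{str(r['legit_accepted']):>22}")


if __name__ == "__main__":
    main()
```

Running it shows the squeeze: the only window that rejects a 3-second replay is one shorter than 3 seconds, and that same window rejects every legitimately delayed copy (and, with any real clock-skew allowance, stops blocking the replay too). Windows long enough to survive ordinary queueing and greylisting admit the replay unchanged, which is the side effect the question points at.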