On February 16, 2023 9:21:51 PM UTC, Michael Thomas <m...@mtcc.com> wrote:
>
>On 2/16/23 12:56 PM, Barry Leiba wrote:
>>>> Okay. What's the value for X - T that prevents this problem, but doesn't
>>>> cause DKIM signatures of "normal" mail to fail?
>>> There's not one "right" value; we're talking about distributions
>>> of timings for normal mail vs. replay, and yes, there's some
>>> overlap there. In practice I've seen many signers choose
>>> expirations in the range of 1hr to a few days. 1hr can be very
>>> good at limiting the opportunity for high volume replay, but I
>>> estimate "normal" signature breakage at that level is on the
>>> order of 0.1%. 24hr is probably effectively zero breakage, but
>>> with greater opportunity for replay.
>> I think you're way off on these numbers, especially for the 1-hour
>> case. While normal circumstances get mail delivery in less than an
>> hour, I have seen *many* cases of legitimate mail delayed by hours --
>> sometimes quite a few hours. I would consider anything less than two
>> days to be unacceptable, and with that sort of gap you don't do much
>> to prevent a spam blast.
>
>I dunno, I would think it has to do with how much of a boost reputation is
>actually giving deliverability. For typical marketing email that's not too
>spammy maybe it doesn't make much difference? Adding signatures and a SPF
>record is pretty easy to do these days, so it's sort of a no-brainer to just
>do it. But if some small percentage with slow delivery fall through the
>cracks, how adverse is that to delivery, assuming they don't have a p=reject
>policy? That seems like it should be a pretty measurable thing for an ESP.
>
>Sounds like something that Evan might know. Actually it might well be worth
>adding that kind of estimate to the problem statement to judge how much of a
>problem it is. What we have now is very hand waving and makes it impossible to
>judge about how heroic we need to be.
I think this highlights a key consideration that's easy to forget. Ultimately
the issue is not that a 'bad' message was delivered, but that a 'bad' message
got the benefit of whatever positive reputation was provided by the signature.
If one decides under X circumstances we will ignore a DKIM signature for Y
purposes, then the negative impact of that is far less than that associated
with rejecting the message, so we can probably tolerate more false positives.
Scott K
_______________________________________________
Ietf-dkim mailing list
Ietf-dkim@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-dkim
