On 2/16/2023 2:04 PM, Evan Burke wrote:
1hr is at the very low end of the scale, only appropriate in narrow, specific circumstances. I think you're right that 2+ days is the right range for most mail.
The historical common choice, for when to stop retrying mail delivery, has been 3 days. This was a matter of discussion some years ago and as I recall, was a comfortable choice.
And we got a note observing that replay attack can reasonably begin within minutes of original posting.
This produces a choice for setting a timeout that is wholly ineffective or one that destroys retries of leigimate mail delivery attempts.
d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net mast:@[email protected] _______________________________________________ Ietf-dkim mailing list [email protected] https://www.ietf.org/mailman/listinfo/ietf-dkim
