On Sun 06/Aug/2023 18:07:15 +0000 Jesse Thompson wrote:
> On Sat, Aug 5, 2023, at 6:50 AM, Laura Atkins wrote:
>> [...]
>>
>> The replay attackers aren’t sending what we commonly think of as spam through the signers - as the message is sent to one recipient (not bulk) and it is opt-in (that recipient wants and has asked for the mail).
>
> This is accurate from my observation. It takes only a single message which evades content filters, and the attacker is the first recipient, who will not report it as abuse.
>
> Which is why an earlier "just don't send spam" comment seemed to be borderline FUSSP rhetoric. If the message isn't detected by the receiver (who has the most visibility into the type of mail its users want to receive) then how can a sender be held to a higher standard of detection with less visibility?


Good question! They could implement RFC 7073 to exchange information based on, say, the RFC5322.From field of the messages.

Let me contrast that idea with a small mailbox provider's POV. Stock IMAP server packages provide no tools to reckon users' liking of messages. Reporting messages as spam also needs non-standard extensions. (There is a proposal to signal basic reaction to a message, RFC 9078, but it's not implemented.)


> The reputation they are stealing is that of the DKIM domain(s) associated with the signatures on the message (whether they are aligned to the rfc5322.From or not). So, adding more signatures to convey more fidelity would seemingly help solve the problem because receivers could better fingerprint good patterns from bad patterns. But replayers could just remove the higher fidelity signatures.
>
> To solve that, I think we need Mandatory Tags for DKIM Signatures [1] 3.3. Forward signature (!fs) tag.


That would imply you know in advance that a message is going to be replayed. Having that knowledge, like when you send to a mailing list, you can require that the replayer's signature also be present. It wouldn't suit the problem at hand.


Best
Ale
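Editor's added example, not code from this thread or from the Mandatory Tags draft: a toy verifier-side policy check for the "!fs" forward-signature idea Jesse raises and for Ale's objection to it. The "!" semantics (an unknown mandatory tag makes the signature unusable rather than being ignored) and the "!fs=<domain>" value syntax are assumptions here, not taken from the draft; the domains and header values are constructed.

```python
import re
from typing import Dict, List

KNOWN_MANDATORY = {"!fs"}  # mandatory tags this toy verifier understands (assumed)


def parse_tags(sig_header: str) -> Dict[str, str]:
    """Split a DKIM-Signature value into tag=value pairs (RFC 6376 tag-list)."""
    tags: Dict[str, str] = {}
    for part in sig_header.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = re.sub(r"\s+", "", value)  # folding WS ignored
    return tags


def acceptable_signers(sig_headers: List[str]) -> List[str]:
    """Return d= domains whose signatures survive the mandatory-tag policy.
    Crypto verification is out of scope: all signatures are assumed to verify,
    so only the policy effect of a replayer stripping a signature is shown.
    """
    parsed = [parse_tags(h) for h in sig_headers]
    present = {t.get("d") for t in parsed}
    accepted = []
    for tags in parsed:
        if "d" not in tags:
            continue
        # Rule 1 (assumed "!" semantics): an unknown mandatory tag makes the
        # signature unusable instead of being silently ignored.
        if any(k.startswith("!") and k not in KNOWN_MANDATORY for k in tags):
            continue
        # Rule 2 (assumed "!fs=<domain>" syntax): the named forward signer
        # must also have signed this copy of the message.
        forward = tags.get("!fs")
        if forward and forward not in present:
            continue
        accepted.append(tags["d"])
    return accepted


# Constructed sample headers: a list post signed by the author (naming the
# list as required forward signer) and by the list; the same post replayed
# with the list signature stripped; and a signature carrying an unknown tag.
LIST_COPY = [
    "v=1; a=rsa-sha256; d=author.example; s=s1; !fs=lists.example;"
    " h=from:to:subject; bh=BODYHASH; b=SIG1",
    "v=1; a=rsa-sha256; d=lists.example; s=s2; h=from:to:subject;"
    " bh=BODYHASH; b=SIG2",
]
REPLAYED_COPY = LIST_COPY[:1]
UNKNOWN_TAG = ["v=1; a=rsa-sha256; d=other.example; s=s3; !x=1; bh=BH; b=SIG3"]
```

Against LIST_COPY both signers are accepted because the list also signed; against REPLAYED_COPY, where the list signature was stripped, no signature remains acceptable, which is the effect the tag aims at. It also shows Ale's point: the author must already know the forwarder's domain to put it in the tag, so a message sent straight to one recipient has nothing to name.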
--

_______________________________________________
Ietf-dkim mailing list
Ietf-dkim@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-dkim