On Thu 17/Aug/2023 20:12:51 +0200 Emanuel Schorsch wrote:
On Thu, Aug 17, 2023 at 2:06 PM Alessandro Vesely <ves...@tana.it
<mailto:ves...@tana.it>> wrote:
If corporate domains are victims of replay attacks at the same rate as
free mail providers, then my theory is wrong. See below. >
Ale, I think there is a lot of value in what you are saying about
verification of identities and segmentation of the authenticating domain based
on the tier of verification that was performed.
Thanks.
BUT, I think this is a good idea that is separate from DKIM Replay.
Specifically, we do see non-free mail providers as victims of DKIM Replay as
well.
If the rate is similar, I agree. That kind of information is missing from the
I-D.
For example, we have seen very large DKIM Replay attacks of youtube.com
Terms of Service emails. There is no malicious content in these emails, but
spammers still send very large volumes (perhaps using them to generate
affinity with victims or warm up their sending infrastructure).
That points to a bug in the I-D. Section 3.1 says:
A spammer will find a mailbox provider with a high reputation and that
signs their message with DKIM. The spammer sends a message with spam
content from there to a mailbox the spammer controls.
Youtube.com Terms of Service emails don't seem to have been sent by the spammer.
Best
Ale
--
_______________________________________________
Ietf-dkim mailing list
Ietf-dkim@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-dkim
