> > > BUT, I think this is a good idea that is separate from DKIM Replay. > > Specifically, we do see non-free mail providers as victims of DKIM > Replay as > > well. > > > If the rate is similar, I agree. That kind of information is missing from > the I-D. > > > > For example, we have seen very large DKIM Replay attacks of youtube.com > > Terms of Service emails. There is no malicious content in these emails, > but > > spammers still send very large volumes (perhaps using them to generate > > affinity with victims or warm up their sending infrastructure). > > That points to a bug in the I-D. Section 3.1 says: > > A spammer will find a mailbox provider with a high reputation and that > signs their message with DKIM. The spammer sends a message with spam > content from there to a mailbox the spammer controls. > > Youtube.com Terms of Service emails don't seem to have been sent by the > spammer. >
I agree, for completeness we should update that section to include both types of DKIM replay. I can work on sending a tweak to that section. But, to be clear this type of replay is definitely much less common than the spammer generated content. I just wanted to provide that it does also happen. -Emanuel
_______________________________________________ Ietf-dkim mailing list Ietf-dkim@ietf.org https://www.ietf.org/mailman/listinfo/ietf-dkim
