On 03/06/2025 00:18, Bron Gondwana wrote:
> On Mon, May 26, 2025, at 18:15, Dave Crocker wrote:
> [...]
>
>>> If it detected DKIM Replay in the general case, it would not be trivial -
>>> however it only detects DKIM Replay in the direct case.
>>
>> Given that Replay is about actions involving an intermediary, I don't know what
>> direct vs. indirect means.
>>
>> In any event, yes, there are legitimate scenarios that match Replay abuse
>> scenarios.
>>
>> And there always will be.
>
> Can you give some examples of legitimate scenarios that match Replay abuse
> scenarios (in a world where every site which sends you indirect mail is running
> DKIM2.  I agree that until then, there will be scenarios that match Replay
> abuse)


I may be dumb, but I cannot figure out how DKIM2 (or DKOR) can tell Replay abuse from, say, this list post as relayed by mail2.ietf.org. Even if both ietf.org and the abuser implemented DKIM2, what do the new rt= and mf= tags add to the equation? If their respective implementations are correct, the new tags will bear the formally correct values in both cases.

I guess one can draw some conclusion when mf=*@gmail.com, but this is a reputation driven reasoning that can be done even now, like so: If the recipient is not in the To:/Cc: fields, i.e. an *unofficial recipient*, and the actual sender is *unknown*, then it must be an abusive message.

What am I missing?


Best
Ale
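As an added illustration (not code from this thread, nor from any DKIM2 draft or implementation), the reputation-style rule sketched in the post above can be written out in Python: a message whose delivered-to address is absent from To:/Cc: is an "unofficial recipient", and if its actual sender is not on a known list it is flagged. Return-Path is used here as the stand-in for "actual sender", and the two sample messages are constructed; both are assumptions of this example. Run against a constructed mailing-list post, it shows the point the post makes: the relayed list message is structurally indistinguishable from a replayed one, and only the sender-reputation lookup separates the two outcomes.

```python
from email import message_from_string
from email.policy import default
from email.utils import parseaddr

# Constructed sample messages (not taken from the thread).
DIRECT = (
    "Return-Path: <bob@example.com>\n"
    "From: Bob <bob@example.com>\n"
    "To: Alice <alice@example.net>\n"
    "Subject: direct mail\n"
    "\n"
    "Sent straight to Alice.\n"
)

VIA_LIST = (
    "Return-Path: <ietf-dkim-bounces@ietf.org>\n"
    "From: Carol <carol@example.org>\n"
    "To: ietf-dkim@ietf.org\n"
    "List-Id: <ietf-dkim.ietf.org>\n"
    "Subject: list post\n"
    "\n"
    "Relayed to every subscriber, none of whom is in To:/Cc:.\n"
)


def listed_recipients(msg):
    """Lowercased addr-specs from every To: and Cc: header. The default
    policy parses each header structurally, so group syntax and repeated
    header instances are flattened into individual addresses."""
    found = set()
    for name in ("To", "Cc"):
        for hdr in msg.get_all(name, []):
            for addr in hdr.addresses:
                found.add(addr.addr_spec.lower())
    return found


def actual_sender_domain(msg):
    """Domain of the envelope sender. Return-Path stands in for whatever the
    receiver treats as the 'actual sender' (an assumption of this example)."""
    _, addr = parseaddr(str(msg.get("Return-Path", "")))
    return addr.rpartition("@")[2].lower()


def classify(raw, delivered_to, known_sender_domains):
    """Apply the heuristic from the thread to one message.

    Returns:
      'official'                   delivered_to is listed in To:/Cc:
      'unofficial-known-sender'    not listed, but the actual sender is known
      'unofficial-unknown-sender'  not listed and sender unknown: the case
                                   the heuristic treats as abusive
    """
    msg = message_from_string(raw, policy=default)
    if delivered_to.lower() in listed_recipients(msg):
        return "official"
    if actual_sender_domain(msg) in known_sender_domains:
        return "unofficial-known-sender"
    return "unofficial-unknown-sender"


if __name__ == "__main__":
    print(classify(DIRECT, "alice@example.net", set()))
    # The same list post is accepted or flagged purely on sender reputation:
    # the structural check alone cannot tell a relayed list post from a
    # replayed message.
    print(classify(VIA_LIST, "alice@example.net", {"ietf.org"}))
    print(classify(VIA_LIST, "alice@example.net", set()))
```

The last two calls use the same relayed message and differ only in whether ietf.org is on the known-sender list, which is exactly the reputation-driven reasoning the post says is already possible without new tags.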