On 02/Sep/10 19:42, Murray S. Kucherawy wrote:
> From: [email protected] [mailto:[email protected]]
> On Behalf Of Alessandro Vesely
>> However, the other issue is to break or remove author domain
>> signatures. John has pointed this out since a long time, for FBL
>> reasons. Doug has brought out the same issue for replaying attacks
>> aimed at breaking reputation, because replaying is definitely out of
>> control in case of publicly distributed messages.
>
> What's the danger of replaying legitimate mail, other than to cause
> volume detection alarms to go off?

If this message were replayed to all mailboxes in the world, the number of complaints might be overwhelming; the more successful spam reporting is, the scarier this possibility. And if anyone uses that for tracking domain reputation, it might drop below small integer ranges. In such a scenario, one may consider it safer to only sign mail destined to trusted recipients.

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
