On Nov 21, 2016 6:30 PM, "John R. Levine" <jo...@iecc.com> wrote:
> Also realize that this isn't "Gmail shouldn't sign spam", it's everyone who
> normally has a good reputation needs to not sign spam, this is a way to
> steal reputation from any service allowing you to choose your own message,
> and can be used against any mail receiver.
>
> Just wondering, roughly when would you use the no-forward flag? I hope you wouldn't use it on everything, since that would make DMARC have far worse effects on legit mail than the current mailing list issues.

No, I'm not recommending -all. I'm saying that this increases the value of an spf pass in your spam filtering. I.e., an spf pass and a dkim pass is worth more in your scoring than a dkim pass and spf fail. Which is obviously a shorthand for how it's actually used, but that's the general form of working this attack.

A dkim with hidden knowledge of recipient will survive forwarding with some amount of work on sharing knowledge of forwarding paths, but without that is no better than spf.

ARC would allow forwarding spf pass info, which would be useful, but isn't available.

Brandon