On 10Oct24, Al Iverson via mailop apparently wrote: > > > If you've got any evidence of x= in the wild that you care to share, > > > thank you kindly in advance!
I'd be curious as to evidence of systems which actually re-categorise email based on x=. And how often such recategorisations are real replays rather than poor sender implementations or long queue delays. IOWs what's the false positive rate over the success rate? Clearly setting x= is trivial but one presumes the OP really cares about who is acting on it. Given that you have to allow for a queue time of multiple days, x= seems of marginal value - leastwise as an anti-replay mechanism. After all, since a replay by definition is an identical email with an identical hash, any sort of content duplication system is going to trigger much sooner than any x= test. In replays are a real issue, I'd be looking at a hash duplication system long before I worried about x= as surely competent miscreants have read up on that tag. The other matter of course is that a system can make it's own decision on the age of an inbound email without relying on the sender to dictate a limit. I'm inclined to drop old email regardless of the presence x=. > https://xnnd.com/dqio This really shouldn't be saying that unrecognised tags imply an error given the RFC says "Unrecognized tags MUST be ignored". The whole point of the tagging system is to seamlessly introduce new features without breaking existing implementations. Mark. _______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
