Re: [Ietf-dkim] DKIM Replay Problem Statement and Scenarios -01 draft posted

2023-02-13 Thread Evan Burke
On Fri, Feb 10, 2023 at 2:31 PM Michael Thomas wrote: > On 2/10/23 2:10 PM, Evan Burke wrote: > > The M3AAWG BCP will cover recommended header signing/oversigning policies. > I'll make sure that's shared here when it's published. > > Any idea when that might drop? > I'll roughly summarize the gu

Re: [Ietf-dkim] DKIM Replay Problem Statement and Scenarios -01 draft posted

2023-02-13 Thread Evan Burke
On Mon, Feb 13, 2023 at 10:42 AM Michael Thomas wrote: > > On 2/13/23 2:49 AM, Laura Atkins wrote: > > > > Basically saying if you're not filtering outbound mail for abuse, > > you're part of the problem. > > > > I don’t see how that’s relevant to the discussion here. > It's extremely relevant. I

Re: [Ietf-dkim] DKIM Replay Problem Statement and Scenarios -01 draft posted

2023-02-13 Thread Michael Thomas
On 2/13/23 2:49 AM, Laura Atkins wrote: Basically saying if you're not filtering outbound mail for abuse, you're part of the problem. I don’t see how that’s relevant to the discussion here. It's extremely relevant. If you don't want to be viewed as a spamming domain, do your part to not sen

Re: [Ietf-dkim] Setting a stage for detection

2023-02-13 Thread Laura Atkins
> On 12 Feb 2023, at 20:48, Wei Chuang > wrote: > > > > On Sun, Feb 12, 2023 at 12:16 PM Dave Crocker > wrote: > Folks, > > There appears to be no perfect way to distinguish a Replay attack from a > legitimate re-posting by an Alias or even a Mailing list (that p

Re: [Ietf-dkim] Setting a stage for detection

2023-02-13 Thread Alessandro Vesely
On Sun 12/Feb/2023 22:51:25 +0100 Dave Crocker wrote: On 2/12/2023 1:44 PM, Murray S. Kucherawy wrote: Would this work if it passes through more than one layer of aliasing? That is, can this work if "Separate-Envelope" appears more than once? Do they all have to be signed, order preserved, etc.

Re: [Ietf-dkim] DKIM Replay Problem Statement and Scenarios -01 draft posted

2023-02-13 Thread Laura Atkins
> On 12 Feb 2023, at 21:49, Michael Thomas wrote: > > > > On 2/12/23 1:34 PM, Murray S. Kucherawy wrote: >> On Fri, Feb 10, 2023 at 2:13 PM Michael Thomas > > wrote: >> Another thing that should probably be discussed is outbound spam filtering. >> At a high level, this