On 02/Sep/10 19:42, Murray S. Kucherawy wrote:
>> [mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Alessandro
>> However, the other issue is to break or remove author domain
>> signatures. John has been pointing this out for a long time, for FBL
>> reasons. Doug has brought up the same issue for replay attacks
>> aimed at breaking reputation, because replaying is definitely out of
>> control in the case of publicly distributed messages.
>
> What's the danger of replaying legitimate mail, other than to cause
> volume detection alarms to go off?

If this message were replayed to all mailboxes in the world, the
number of complaints might be overwhelming; the more successful spam
reporting is, the scarier this possibility. And if anyone uses that
for tracking domain reputation, it might drop below small integer
ranges. In such a scenario, one may consider it safer to only sign mail
destined for trusted recipients.
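
Added illustration, not part of the thread and not written by any participant: a receiver-side sketch of the "volume detection" mentioned in the quoted question, counting how many distinct envelope recipients received the same DKIM signature. The function names, the threshold and the sample deliveries are constructed assumptions.

```python
import re
from collections import defaultdict


def parse_dkim_tags(header_value):
    """Split a DKIM-Signature tag list ("tag=value; tag=value") into a dict."""
    tags = {}
    for part in header_value.split(";"):
        if "=" not in part:
            continue
        name, value = part.split("=", 1)
        # Folding whitespace is dropped from every value; that is safe for
        # the d= and b= tags used below.
        tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags


def replay_candidates(deliveries, threshold):
    """Return {(signing domain, b= value): recipient count} above threshold.

    deliveries: iterable of (envelope recipient, DKIM-Signature value).
    A replayed message keeps the original signature, so the same b= value
    shows up for many unrelated recipients. A mailing list that forwards
    mail unmodified produces the same pattern, so a hit is a signal to
    investigate, not proof of abuse.
    """
    seen = defaultdict(set)
    for rcpt, sig in deliveries:
        tags = parse_dkim_tags(sig)
        if "d" in tags and "b" in tags:
            # Domains compare case-insensitively; base64 in b= does not.
            seen[(tags["d"].lower(), tags["b"])].add(rcpt.lower())
    return {k: len(v) for k, v in seen.items() if len(v) > threshold}


# Constructed sample data: one signature seen for five recipients (folded
# in some copies, unfolded in others) and one seen for a single recipient.
SIG_A_FOLDED = ("v=1; a=rsa-sha256; d=example.org; s=sel1; "
                "h=from:to:subject; bh=Zm9v; b=AAAA1111\r\n BBBB")
SIG_A_FLAT = ("v=1; a=rsa-sha256; d=Example.ORG; s=sel1; "
              "h=from:to:subject; bh=Zm9v; b=AAAA1111BBBB")
SIG_B = ("v=1; a=rsa-sha256; d=example.org; s=sel1; "
         "h=from:to:subject; bh=YmFy; b=CCCC2222")
SAMPLE = [(f"user{i}@rcpt{i}.example", SIG_A_FOLDED if i % 2 else SIG_A_FLAT)
          for i in range(5)] + [("alice@example.net", SIG_B)]

if __name__ == "__main__":
    for (domain, sig), count in replay_candidates(SAMPLE, 3).items():
        print(f"{domain}: signature {sig[:8]}... seen for {count} recipients")
```
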