"John" == John Levine <johnl(_at_)iecc(_dot_)com> writes:
Michael> Riddle me this: how does a receiver know when to say
Michael> enough is enough?
>> It knows it needs to deliver it to each recipient at most once.
John> Well, OK. I go get a signed message header out of an
John> archive somewhere, I splice on a spammy body, I take my
John> handy Millions CD, and I blast the message out to a million
John> different addresses, without changing the header. I hope I
John> don't have to remind anyone that the message header
John> addresses and envelope addresses need have nothing to do
John> with each other, and in mail from mailing lists they usually
*sigh* As I said, I figured I'd find out why what I was proposing does
not work. I knew everything I needed to know to realize this but just
didn't put it together. Thanks for your help.
I do note that you're actually somewhat vulnerable to this replay even
with signed bodies. I go get a free email account from an email
provider with a reasonably good reputation. I send email containing
the spam body I want to some recipient I control that will look good
in to: headers. Now that I've got this signature, I can replay the
message at any envelope recipient I want.
This puts the free email provider in the position of needing to revoke
the key I'm using, but they cannot do that until the other mail signed
with that key has had a chance to flow through the system.