What it seems to me now is that this proposal is not meant to be by
itself; it rather addresses only certain points and tricks that spammers
use. But cutting away the ability to joe-job a site unless you want to
send all of your messages as identical would definitely help somewhat.
But it doesn't even do that - a "replay" does not have to involve just
a single message, but rather a large number of similar messages.
Consider this scenario:
A spammer gets an account at yahoo.com and sends (to some throwaway.com
address) a few thousand almost identical messages, each of which gets
properly signed by Yahoo.
Then throwaway.com starts spamming those messages, with Yahoo's
signature, and the headers faked to make it look like the message
comes from Yahoo ... sure, the IP number does not belong to Yahoo,
but unless you have something like LMAP you are out of luck in that
respect.
Of course the spammer takes certain precautions, such as not sending
the same variant of the message twice to the same domain - thus
trying to reduce the chance of anyone noticing two *identical*
messages.
Or am I missing something?
--
Fridrik Skulason        Frisk Software International       phone: +354-540-7400
Author of F-PROT        E-mail: frisk(_at_)f-prot(_dot_)com   fax:   +354-540-7401
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
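The replay scenario from the post, modelled as an added example (not code from the post, the ASRG, or any product mentioned): a toy per-domain signature over the From header and body, a byte-identical copy re-sent from another host that still verifies, and an LMAP-style check of the originating IP, assumed here as the extra signal, that flags it. All keys, addresses and IPs are constructed.

```python
import hashlib
import hmac
import ipaddress

# Constructed toy model: a sending domain signs From + body with a per-domain key.
# An HMAC secret stands in for a DNS-published public key (assumed simplification).
SIGNING_KEYS = {"yahoo.com": b"constructed-yahoo-signing-key"}
# Assumed LMAP-style data: networks allowed to originate mail for a domain.
AUTHORIZED_NETS = {"yahoo.com": ["192.0.2.0/24"]}


def sender_domain(msg):
    return msg["From"].rsplit("@", 1)[1]


def signed_content(msg):
    # Only what the signer covers; the transport path (Received, source IP) is not signed.
    return (msg["From"] + "\n" + msg["Body"]).encode()


def sign(msg):
    key = SIGNING_KEYS[sender_domain(msg)]
    return hmac.new(key, signed_content(msg), hashlib.sha256).hexdigest()


def signature_valid(msg):
    key = SIGNING_KEYS.get(sender_domain(msg))
    if key is None:
        return False
    expected = hmac.new(key, signed_content(msg), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, msg["Signature"])


def source_authorized(msg):
    ip = ipaddress.ip_address(msg["SourceIP"])
    nets = AUTHORIZED_NETS.get(sender_domain(msg), [])
    return any(ip in ipaddress.ip_network(n) for n in nets)


def classify(msg):
    """The signature alone cannot tell a replay from the original; the path check can."""
    if not signature_valid(msg):
        return "signature-fail"
    if not source_authorized(msg):
        return "replay-suspect"
    return "pass"


# Constructed messages: the original signed at the Yahoo-like domain, the same
# bytes replayed from the throwaway host, and a copy whose body was edited after signing.
ORIGINAL = {"From": "spammer@yahoo.com", "Body": "buy now variant 17", "SourceIP": "192.0.2.10"}
ORIGINAL["Signature"] = sign(ORIGINAL)
REPLAYED = dict(ORIGINAL, SourceIP="203.0.113.5")
TAMPERED = dict(REPLAYED, Body="buy now variant 18")
```

Because the replayed copies are byte-identical to signed originals, a per-domain duplicate check at the recipient is not needed to flag them here; the mismatch between the signing domain and the originating network is enough.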