[mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of John R Levine
Doug has offered the only scenario so far of a replay attack,
which is very helpful to figuring out what the threat is.
His scenario boils down to one of a domain's users being a
spammer, which would be a problem whether or not his spam was
being remailed.
This attack is only relevant for public mail providers.
If an email sent from verisign.com is bulk mailed in a replay attack
then VeriSign should be held accountable.
Only a small number of domains actually offer open email service without
close accountability. Employers, educational institutions, personal
identity domains all ensure close accountability.
_______________________________________________
ietf-dkim mailing list
ietf-dkim(_at_)mipassoc(_dot_)org
http://mipassoc.org/mailman/listinfo/ietf-dkim