On Apr 7, 2006, at 1:53 PM, Stephen Farrell wrote:
Douglas Otis wrote:
If an MTA is forwarding messages, and these forwarding agents are
known, then bad actors sending messages to forwarded accounts may
be delighted to find their messages are subsequently rejected due
to an expired signature by some down stream MTA. : (
Is that right? Isn't it rather the case that a bad "x=" value
causes signature validation to fail, which is the same as the
message not having been signed. So a signature expiry failure
doesn't mean message rejection, same as if the signature check
failed because the message was mangled.
Signatures may fail for many reasons. While the desire may be to
classify all signature failures as no signature, this strategy may be
altered when confronting the effects of abuse. An administrator
might report some percentage reduction in abuse when rejecting
messages with an expired first-hand signature and note few complaints
subsequent to adopting this strategy. A bad actor holding many
signed messages would be able to continue a sequence of replays until
the key is removed, long after they lost the account used to generate
the sequence. If the signing domain changed keys 2 times a year,
then an expiry period could affect this abusive activity. When there
are few other valid reasons for the expiration of this type of
signature, this specific failure may receive a high spam score. The
spam filter rule-set may cause rejection nevertheless, where
practical empirical considerations could have greater weight than
ideals espoused in the draft.
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html