I was viewing this as a resolution to 1525...
Michael Thomas wrote:
Eliot Lear wrote:
Michael Thomas wrote:
Eliot Lear wrote:
John L wrote:
Reflection attacks? How would a few TXT queries make that happen?
It would be the queries themselves I would be worried about.
Suppose someone blasts a message to thousands of domains that has
many addresses in the From: line. All of sudden all of those
domains are under attack.
Perhaps some careful wording about how this is handled can get us
around that? I don't know.
You know, I really wonder whether this is a mole hill sized mountain.
I wonder how long it would take for spam filter writers to notice this
kind of attack and write a new rule to send them to the bit bucket. A
week? Less? Not to mention that Baysian filtering would glom onto it
even faster.
Mike
Ok, perhaps it's nothing. It did occur to me as a potential attack.
Perhaps worth adding a line in Security Considerations?
Is there an open issue about this? If there is, can I propose that we:
1) consider all addresses in the From: address up to some arbitrary
limit in which case the message is suspicious
2) write a security consideration mentioning the reflection attack, and
the likely mitigation that filtering software should view this as
out of the ordinary
Mike
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html