ietf-dkim

Re: [ietf-dkim] draft-ietf-dkim-mailinglists-02 review

2010-09-02 13:28:36
  Hi, Murray,

On 09/02/2010 07:42 PM, Murray S. Kucherawy wrote:
> > -----Original Message-----
> > From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org [mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Alessandro Vesely
> > Sent: Thursday, September 02, 2010 10:35 AM
> > To: ietf-dkim(_at_)mipassoc(_dot_)org
> > Subject: Re: [ietf-dkim] draft-ietf-dkim-mailinglists-02 review
> >
> > However, the other issue is to break or remove author domain
> > signatures.  John has pointed this out for a long time, for FBL
> > reasons.  Doug has brought out the same issue for replaying attacks
> > aimed at breaking reputation, because replaying is definitely out of
> > control in case of publicly distributed messages.
>
> What's the danger of replaying legitimate mail, other than to cause volume
> detection alarms to go off?

I think Doug was not talking about replaying legitimate mail but illegit 
mail. I believe Doug described this scenario in one of his previous 
messages either on domainrep or here on this list (Doug, excuse me if 
this summary lacks the nuances):

Someone sends a spam-type message from a large ESP to a mailbox he owns, 
somewhere on the Internet. The message is DKIM signed by the ESP. The 
spammer then takes the entire message including complete headers, and 
replays it using different envelope To: addresses and (optionally) 
different envelope From addresses. A verifier finds the signature to be 
valid and at the end of the day this type of replay will impact the 
reputation of the ESP.

BTW: if the original message was sent from the ESP via an MLM and the 
MLM re-signs the message, the reputation impact will be on the MLM's 
domain and (in most cases) not the ESP's as the original signatures get 
broken by the MLM in most situations.

/rolf
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
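
The replay scenario described in the message above, seen from the receiving side, as an added example that is not part of the original post: a DKIM signature covers selected header fields and the body but not the SMTP envelope, so one way to spot a replay is the same `b=` value arriving for many envelope recipients that the signed To: header never named. The record layout, addresses, signature values and the threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample records (not real traffic): one per accepted delivery,
# as a receiving MTA might log them after DKIM verification passed.
# Fields: envelope recipient, signed To: header, DKIM d= domain, DKIM b= value.
SAMPLE_DELIVERIES = [
    ("alice@rcpt.example", "alice@rcpt.example", "esp.example", "sigAAA"),
    ("bob@rcpt.example",   "bob@rcpt.example",   "esp.example", "sigBBB"),
    ("carol@rcpt.example", "drop@box.example",   "esp.example", "sigCCC"),
    ("dave@rcpt.example",  "drop@box.example",   "esp.example", "sigCCC"),
    ("erin@rcpt.example",  "drop@box.example",   "esp.example", "sigCCC"),
    ("frank@rcpt.example", "drop@box.example",   "esp.example", "sigCCC"),
]

def find_replayed_signatures(deliveries, threshold=3):
    """Return {(domain, signature): sorted recipients} for suspected replays.

    The envelope is outside the signature, so a replayed message keeps
    verifying. The tell is one identical b= value delivered to many envelope
    recipients that do not appear in the signed To: header.
    """
    unlisted = defaultdict(set)
    for rcpt, header_to, domain, sig in deliveries:
        signed_rcpts = {a.strip().lower() for a in header_to.split(",")}
        if rcpt.lower() not in signed_rcpts:
            unlisted[(domain, sig)].add(rcpt.lower())
    # threshold is an assumed tuning value, not taken from the thread
    return {key: sorted(rcpts) for key, rcpts in unlisted.items()
            if len(rcpts) >= threshold}

if __name__ == "__main__":
    for (domain, sig), rcpts in find_replayed_signatures(SAMPLE_DELIVERIES).items():
        print(f"possible replay: d={domain} b={sig} -> {len(rcpts)} unlisted recipients")
```

Bcc delivery and list expansion that leaves the signature intact produce the same pattern, so a hit is a reason to look at volume and content for that signing domain, not a verdict on its own.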
