ietf-dkim

Re: [ietf-dkim] [dmarc-ietf] a slightly less kludge alternative to draft-kucherawy-dmarc-rcpts

2016-11-21 21:18:22
On Nov 21, 2016 6:30 PM, "John R. Levine" <johnl(_at_)iecc(_dot_)com> wrote:

Also realize that this isn't "Gmail shouldn't sign spam", it's everyone who
normally has a good reputation needs to not sign spam, this is a way to
steal reputation from any service allowing you to choose your own message,
and can be used against any mail receiver.


Just wondering, roughly when would you use the no-forward flag?  I hope you
wouldn't use it on everything, since that would make DMARC have far worse
effects on legit mail than the current mailing list issues.


No, I'm not recommending -all.  I'm saying that this increases the value of
an SPF pass in your spam filtering.  I.e., an SPF pass and a DKIM pass is
worth more in your scoring than a DKIM pass and SPF fail.

Which is obviously a shorthand for how it's actually used, but that's the
general form of working this attack.

A DKIM with hidden knowledge of recipient will survive forwarding with some
amount of work on sharing knowledge of forwarding paths, but without that
is no better than SPF.  ARC would allow forwarding SPF pass info, which
would be useful, but isn't available.

Brandon
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html