Of course if the message is spam the chances are that you will recieve a few
tens of thousand copies.
If the message is phishing then the authentication to a web mail provider
doth not improve credibility. Hello, this is paypal sending you an email
thru yahoo...
Enail authentication is an opening, not the endgame.
-----Original Message-----
From: Jim Fenton [mailto:fenton(_at_)cisco(_dot_)com]
Sent: Sun Nov 21 21:00:29 2004
To: Justin Mason
Cc: IETF MAILSIG WG
Subject: Re: MASS plus Sender-ID
Justin Mason wrote:
hmm, you might be on to something there, that does indeed seem to be a
replay attack that can be used to deliver spam.
Indeed there is; see draft-fenton-identified-mail-01.txt section 9.1.4.
The problem is that there is no way I can think of to differentiate an
MTA that forwards mail to multiple addresses from a spam replay, other
than intent and (possibly) the number of addresses that the messages is
forwarded to. It's hard to detect even the latter, unless you're a
large enough domain to get a large number of copies of the same message
with the same signature.
-Jim