--- Tony Finch <dot(_at_)dotat(_dot_)at> wrote:
On Wed, 27 Jul 2005, Andrew Newton wrote:
3) The first solution in 9.5 seems to be talking about a service
that does not
exist and lends itself to abuse, and the second seems to be fairly
heavy-weight and possibly not very effective (at least from their
limited
descriptions). Perhaps those paragraphs should be struck and the
section
should be left with only a description of the attack.
The second (detecting bulk same-signature mail) effectively already
exists
in the form of Vernon Scryver's distributed checksum clearinghouse.
2 cool benefits of this:
1) Spammers have been inserting random content to play games with bulk
detector games for a few years. These attacks don't exist when
replaying a message.
2) A signature has already been calcuated. It should be technically
feasible to use the DKIM signature as a DCC/Vipul Razor checksum,
saving its re-caculation if desired.
miles