In
<198A730C2044DE4A96749D13E167AD375A2A14(_at_)MOU1WNEXMB04(_dot_)vcorp(_dot_)ad(_dot_)vrsn(_dot_)com>
"Hallam-Baker, Phillip" <pbaker(_at_)verisign(_dot_)com> writes:
[mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of John R Levine
Doug has offered the only scenario so far of a replay attack,
which is very helpful to figuring out what the threat is.
His scenario boils down to one of a domain's users being a
spammer, which would be a problem whether or not his spam was
being remailed.
This attack is only relevant for public mail providers.
Or companies/universities with a zombied box that can be used to send
email through the organization's signing MTA.
The big difference between riding on someone else's reputation with
something like DKIM and riding on someone else's MTA is that the MTA
can do rate limiting and the zombied box can be shut down at any
time.
-wayne