-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 In message <3316620.Pp0j0xxFaF@localhost>, Scott Kitterman <skl...@kitterman.com> writes
>What's your plan for when easily getting a DMARC pass due to bad SPF records >doesn't work anymore, so the bad guys focus more on DKIM replay? At $DAYJOB$, DKIM replay is simply not an issue any more ... caching DKIM values and blocking more than N emails with the same value (whilst of course exempting mailing lists) has proved extremely effective for several years now. Paying attention to the (sometimes inferred) age of a signature is also important for reducing the opportunity for replay, viz: it would be a Good Thing for senders to set appropriately short expire times. - -- richard Richard Clayton Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755 -----BEGIN PGP SIGNATURE----- Version: PGPsdk version 1.7.1 iQA/AwUBZT0oMN2nQQHFxEViEQLj2wCg9sCc40wN2UuXY4/Ms7TuMtt/QlAAn1/V kAUjrpkVAoDkoMlPbVsn1I4X =tMcf -----END PGP SIGNATURE----- _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc