> On 11 Nov 2022, at 15:19, Murray S. Kucherawy <[email protected]> wrote:
> 
> On Fri, Nov 11, 2022 at 11:42 AM Laura Atkins <[email protected]> wrote:
> 
>> The MP limits the volume of messages that a user can send out.  However, by 
>> signing even one message, it takes the responsibility for its content.  
> 
> This appears to be the disconnect. The MP takes responsibility for the 
> *MESSAGE* - that message, sent to that user. 
> 
> I think you've hit on possibly the most interesting part of this: In RFC 
> 6376, we said "You're taking some responsibility for this message... and oh, 
> by the way, it could get replayed, and your claimed responsibility extends to 
> that case as well".  I don't know that we underscored the latter very much 
> then or since.
> 
> So to me, part of this hinges on whether we feel we need to remedy that, or 
> be comfortable pointing at 6376 and telling people to read it again, properly 
> this time, and seeing if the industry is OK with that.

I would be interested in hearing what a mainstream mailbox provider has to say 
about the issue - is it actually an operational problem for them, how much of 
it they see, if they believe any changes could help them mitigate it - before 
expending much effort.

I’ve heard concern from some ESPs that DKIM replays will impact their domain 
reputation and delivery rates, but no confirmation from mailbox providers that 
it does (and if it does, whether that’s a protocol level problem or just 
something that should be tweaked in their reputation tracking).

Cheers,
  Steve

_______________________________________________
Ietf-dkim mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ietf-dkim
