On Mon, Nov 21, 2022 at 5:03 PM Jim Fenton <[email protected]> wrote:
> I disagree with Jon (and Dave) on this. Spammers are notably agile — if
> some mechanism they have been using stops working, they quickly adapt and
> develop a workaround. In this case, they only need to arrange to have the
> signed message relayed to an MTA they control, and their problem is solved.
> In many cases they probably collect the signed messages from their own MTAs
> already.
>

This is 100% correct; attackers are already using their own MTAs. Dropping signatures won't make a difference except at the margin. On the other hand, it makes it more difficult for legitimate senders to use DKIM - troubleshooting gets harder, teaching people about DKIM gets harder, etc.

Regarding earlier discussion around weaknesses in x=; for many affected senders, a well-chosen x= may be the single most effective current defense against large-scale replay attacks. If the choice is between 5,000 replays and 5 million, that's an easy decision to make.
_______________________________________________
Ietf-dkim mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ietf-dkim
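The x= check the post refers to, as an added example that is not part of the message or the list archive: a verifier-side routine that parses a DKIM-Signature tag-list and classifies the signature against its x= expiration at verification time. The sample header, its placeholder bh=/b= values and the clock-skew allowance are constructed assumptions, not values from the thread.

```python
# Added example: enforce the DKIM x= (signature expiration) tag as a replay window.
# The header below is constructed (bh= and b= are placeholders, not real values) and
# CLOCK_SKEW_FUDGE is an assumed tolerance, within the drift latitude RFC 6376 gives verifiers.
import re

CLOCK_SKEW_FUDGE = 300  # seconds; assumed allowance for signer/verifier clock drift


def parse_tag_list(header_value: str) -> dict:
    """Split a DKIM-Signature tag-list ("k=v; k=v; ...") into a dict, dropping folding whitespace."""
    tags = {}
    for field in header_value.split(";"):
        field = field.strip()
        if not field:
            continue  # a trailing ';' is permitted by the tag-list grammar
        name, _, value = field.partition("=")
        tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags


def signature_window_status(tags: dict, now: int) -> str:
    """Return 'valid', 'expired', 'malformed' or 'no-expiry' at verification time `now` (epoch seconds)."""
    t_val, x_val = tags.get("t"), tags.get("x")
    if x_val is None:
        return "no-expiry"  # no x=: the signature never expires, which is what unbounded replay relies on
    if not x_val.isdigit() or (t_val is not None and not t_val.isdigit()):
        return "malformed"  # RFC 6376 3.5: t= and x= are unsigned decimal seconds since the epoch
    if t_val is not None and int(x_val) <= int(t_val):
        return "malformed"  # RFC 6376: x= MUST be greater than t= when both are present
    if now > int(x_val) + CLOCK_SKEW_FUDGE:
        return "expired"
    return "valid"


def check_header(header_value: str, now: int) -> str:
    """Parse a DKIM-Signature header value and classify its expiration window."""
    return signature_window_status(parse_tag_list(header_value), now)


# Constructed header: signed at t=1669050180 with a 10-minute window (x=1669050780).
SAMPLE_HEADER = (
    "v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=sel2022;\r\n"
    "\tt=1669050180; x=1669050780; h=from:to:subject:date;\r\n"
    "\tbh=PLACEHOLDERBODYHASH=; b=PLACEHOLDERSIGNATURE="
)

if __name__ == "__main__":
    print(check_header(SAMPLE_HEADER, 1669050300))  # delivered 2 minutes after signing: valid
    print(check_header(SAMPLE_HEADER, 1669310000))  # replayed 3 days later: expired
```

A short window does not stop replays inside it; it bounds how long a captured signature stays usable, which is the 5,000-versus-5-million trade-off the post describes.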
