> On 13 Dec 2022, at 06:02, Evan Burke <[email protected]> wrote:
>
>
> On Mon, Dec 12, 2022 at 8:49 PM Murray S. Kucherawy <[email protected]> wrote:
> At a recent meeting where I heard some mass senders talk about this problem,
> the use of "x=" as a mitigation technique was raised. I was curious to know
> what their experience was in terms of (a) success overall, but also (b) how
> broadly they found "x=" to have been properly implemented by receivers. I
> have to admit that was some months ago and now I forget the answer; maybe
> someone else who was there can fill in that blank.
>
> But I'm not sure that "x=" by itself is enough, given that it takes only a
> matter of seconds for the attack to succeed, and it seems unlikely to me that
> the "t=" and "x=" values would ever be that close together.
>
>
> x= is indeed the most effective single defensive technique for many affected
> senders whose signatures are getting replayed, but yes - in practice it's
> still "not quite enough" even when combined with multiple other mitigation
> techniques. That's why we're here; existing solutions come up short.
>
> I can't speak to support for x= broadly, but as mentioned earlier these
> replays were almost exclusively targeted at end recipients at certain large
> mailbox providers, and I can confirm those have proper support for x=.
If people are seeing DKIM replays, we should have data on the delay between the
mail originally being sent and it being replayed?
Cheers,
Steve
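Steve's question above is about the delay between a message being signed and its replayed copy being verified. The following is an added example, not code from this thread or from any DKIM implementation: a verifier-side routine that parses the DKIM-Signature tag list and reads the t= and x= tags Murray and Evan discuss, returning the signature's age at verification time (the replay delay, for a replayed copy) and whether it has expired per RFC 6376 section 3.5. The sample header, its selector and its bh=/b= values are constructed placeholders.

```python
import re

# Constructed sample DKIM-Signature header value, folded as on the wire;
# the bh=/b= values are placeholders, not a real hash or signature.
SAMPLE_SIG = (
    "v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=sel2022;\r\n"
    "\th=from:to:subject:date; t=1670900000; x=1670986400;\r\n"
    "\tbh=bHdrNk5pNEJqR1NwTVNwTkU5R3J4Zw==; b=ZmFrZXNpZ25hdHVyZQ=="
)

# RFC 6376 tag-list syntax: "tag=value" fields separated by ";", with folding
# whitespace permitted around "=" and inside values.
_TAG_RE = re.compile(r"\s*([a-zA-Z][a-zA-Z0-9_]*)\s*=\s*(.*?)\s*$", re.DOTALL)

def parse_dkim_tags(header_value):
    """Parse a DKIM-Signature value into {tag: value}. Whitespace inside
    values is dropped (right for b=, bh=, h=); a duplicate tag makes the
    signature unparseable (RFC 6376 section 3.2)."""
    tags = {}
    for field in header_value.split(";"):
        if not field.strip():
            continue  # tolerate an optional trailing ";"
        m = _TAG_RE.match(field)
        if not m:
            raise ValueError("malformed tag: %r" % field)
        name, value = m.group(1), re.sub(r"\s+", "", m.group(2))
        if name in tags:
            raise ValueError("duplicate tag: %s" % name)
        tags[name] = value
    return tags

def signature_timing(header_value, verify_time):
    """Evaluate t= and x= at verify_time (epoch seconds; RFC 6376 section 3.5
    says to use the time the message first reached the verifier's domain when
    known). Returns (status, age, remaining): status is 'ok', 'expired',
    'invalid' or 'no-expiry'; age = verify_time - t, i.e. how long after
    signing this copy is verified (the replay delay if it is a replay);
    remaining = x - verify_time, negative once expired."""
    tags = parse_dkim_tags(header_value)
    t = int(tags["t"]) if "t" in tags else None
    x = int(tags["x"]) if "x" in tags else None
    age = verify_time - t if t is not None else None
    if x is None:
        return "no-expiry", age, None
    if t is not None and x <= t:  # x= MUST exceed t= when both are present
        return "invalid", age, x - verify_time
    if x < verify_time:  # past x= the verifier may treat the signature as expired
        return "expired", age, x - verify_time
    return "ok", age, x - verify_time
```

Logging the returned age for every verified message is one way to collect the delay data Steve asks for, since a replayed copy shows up as a much larger age than first-delivery traffic.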
_______________________________________________
Ietf-dkim mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ietf-dkim