On 13 Dec 2022, at 9:06, Evan Burke wrote: > On Tue, Dec 13, 2022 at 8:45 AM Jim Fenton <[email protected]> wrote: > >> Is there anything that you can say about the types of domains whose >> reputations are suffering as a result of replay attacks? Are they, for >> example, small consumer mailbox providers, email sending providers, or >> services that for some reason allow third parties to send (presumably >> transactional) email through their servers? >> > > Predominantly ESPs, but really anyone with substantial sending volume and > good reputation on the d= domain. ESPs seem to be the primary target > because they tend to have the highest sending volume, so the attacker can > send more replays before reputation and deliverability degrade.
I’m not an ESP, of course, but it seems like they need to do more vetting of new customers (like perhaps manually reviewing their mailings) until they are convinced those new customers are good actors. I realize this is an expensive thing to do, but the ESPs are, after all, loaning their good email reputation to their customers and they need to protect that. Because of relays, this needs to be done even if those customers appear to be sending to a relatively small list of recipients. I am less sympathetic to this problem if it is primarily the result of insufficient diligence on the part of ESPs. -Jim _______________________________________________ Ietf-dkim mailing list [email protected] https://www.ietf.org/mailman/listinfo/ietf-dkim
