On 1/11/2023 8:15 AM, Grant Taylor wrote:
> I'd think that both are a replay. A signature that validates would be
> a successful replay while a signature that fails is a failed replay.
> But both are replays to me.
Remember, an attack doesn't need to succeed to be considered an attack.
If the DKIM signature fails, then the message is just classic spam. Yes,
it's an attack, but it is 'just' a regular spam attack.
What distinguishes DKIM Replay from average spam is its use of the
signing domain's reputation. If DKIM does not validate, that reputation
does not come into play. (Remember that the specification says a failed
DKIM is the same as no DKIM present.)
d/
PS. This exchange nicely demonstrates the need to make sure the WG
documents on Replay are extremely clear and precise.
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
mast:@[email protected]
_______________________________________________
Ietf-dkim mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ietf-dkim