On Mon, Aug 7, 2023 at 7:43 PM Jesse Thompson <[email protected]> wrote:
> Similar to what Emmanuel is saying about detecting SPF/DKIM zone
> misalignment, the solution to DKIM replay is for receivers to maintain some
> state and feed it into bespoke replay detection algorithms. If all
> receivers can maintain this kind of state, then there's nothing senders
> need to do, I suppose? Given that *normally* all of the messages we emit
> have unique message-ids, receivers can just limit the amount of duplicative
> message-ids they accept from us. Assuming they know the situations in which
> message-ids would not be unique. That's another thing that maybe needs to
> be communicated somehow as "this is normal in this situation".
>

Isn't this a derivative of the "Count DKIM signatures" approach identified in the current problem statement document? If so, do you have any comments on the points against such an approach?

Since you specifically mention Message-IDs, does anyone have data on how often that header field is included in signatures? If it's not, then rotating Message-IDs at random defeats such an approach and drives up the receiver's operational cost to boot.

-MSK, the usual
_______________________________________________
Ietf-dkim mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ietf-dkim
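The point raised in the reply above, as an added example that is not part of the original message or of any DKIM implementation: a receiver-side duplicate counter that keys on Message-ID only when the signature's `h=` tag covers that field, and otherwise falls back to the signature value. It assumes the DKIM signature has already been verified elsewhere; the function names, the fallback key, and the sample messages are constructed for illustration.

```python
import re
from collections import Counter
from email import message_from_string

def dkim_tags(value):
    """Parse a DKIM-Signature header value (tag=value list) into a dict."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip()] = re.sub(r"\s+", "", val)  # drop folding whitespace
    return tags

def replay_key(raw):
    """Return (kind, key) under which copies of one signed message are counted."""
    msg = message_from_string(raw)
    sig = msg.get("DKIM-Signature")
    if sig is None:
        return ("unsigned", None)
    tags = dkim_tags(sig)
    signed = {h.lower() for h in tags.get("h", "").split(":")}
    mid = msg.get("Message-ID")
    if "message-id" in signed and mid:
        return ("message-id", (tags.get("d"), mid.strip()))
    # Message-ID is outside the signature, so it can change without breaking
    # verification; count on the signature value instead (assumed fallback).
    return ("signature", (tags.get("d"), tags.get("b")))

def count_copies(messages):
    """Count how many times each replay key was seen."""
    return Counter(replay_key(m) for m in messages)

def _sample(mid, h, b):
    # Constructed message; the signature bytes are placeholders, not real.
    return (f"DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel; "
            f"h={h}; bh=xxxx; b={b}\n"
            f"From: a@example.com\nTo: b@example.net\n"
            f"Message-ID: {mid}\nSubject: hi\n\nbody\n")

SAMPLES = [
    _sample("<1@example.com>", "from:to:subject", "QUJD"),     # Message-ID unsigned
    _sample("<2@example.com>", "from:to:subject", "QUJD"),     # same signature, new ID
    _sample("<3@example.com>", "from:to:message-id", "REVG"),  # Message-ID signed
    _sample("<3@example.com>", "from:to:message-id", "REVG"),
]

if __name__ == "__main__":
    for key, n in count_copies(SAMPLES).items():
        print(n, key)
```

The first two samples carry different Message-IDs but collapse onto one key because the field is not listed in `h=`; a counter keyed on Message-ID alone would have seen them as two unrelated messages.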
