On August 8, 2023 10:18:58 AM UTC, Laura Atkins <la...@wordtothewise.com> wrote: > > >> On 6 Aug 2023, at 19:07, Jesse Thompson <z...@fastmail.com> wrote: >> >> On Sat, Aug 5, 2023, at 6:50 AM, Laura Atkins wrote: >>>> On 5 Aug 2023, at 02:43, Jesse Thompson <z...@fastmail.com >>>> <mailto:z...@fastmail.com>> wrote: >>>> >>>> On Thu, Aug 3, 2023, at 11:08 AM, Laura Atkins wrote: ... >>> >>> A big driver of the work is actually Google. As I understand it, they are >>> having issues because the replay attackers are successfully stealing >>> reputation of otherwise good senders in order to bypass some spam >>> filtering. The replay attackers aren’t sending what we commonly think of as >>> spam through the signers - as the message is sent to one recipient (not >>> bulk) and it is opt-in (that recipient wants and has asked for the mail). >> >> This is accurate from my observation. It takes only a single message which >> evades content filters, and the attacker is the first recipient, who will >> not report it as abuse. >> >> Which is why an earlier "just don't send spam" comment seemed to be >> borderline FUSSP rhetoric. If the message isn't detected by the receiver >> (who has the most visibility into the type of mail its users want to >> receive) then how can a sender be held to a higher standard of detection >> with less visibility? > >I agree wholeheartedly. I just wanted to make it clear for the record that >this isn’t an issue of the signer knowingly signing spam and “deserving” any >reputation problems. ...
Intent has nothing to do with it. Reputation is what you do, not what you intend. Scott K _______________________________________________ Ietf-dkim mailing list Ietf-dkim@ietf.org https://www.ietf.org/mailman/listinfo/ietf-dkim