On Wed, Aug 16, 2023, at 8:26 AM, Laura Atkins wrote:
>
>
>> On 16 Aug 2023, at 12:59, Alessandro Vesely <[email protected]> wrote:
>
>> BTW, how many replay attacks does an average ESP or MP notice in one month?
>
> Maybe representatives of either group could offer numbers.
ESPs have limited visibility because feedback is mostly sent to the whois
contact of the infrastructure emitting the replay (unless specific feedback
mechanics are set up for DKIM signers)
https://www.rfc-editor.org/rfc/rfc6650#section-5.3
Where an abusive message is authenticated using a domain-level
authentication technology such as DKIM [RFC6376] or SPF [RFC4408],
the domain that has been verified by the authentication mechanism is
often a reasonable candidate for receiving feedback about the
message. For DKIM, though, while the authenticated domain has some
responsibility for the mail sent, it can be a poor contact point for
abuse issues (for example, it could represent the message's author
but not its sender, it could identify the bad actor responsible for
the message, or it could refer to a domain that cannot receive mail
at all).
Jesse_______________________________________________
Ietf-dkim mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ietf-dkim
