Hi, Murray,

On 09/02/2010 07:42 PM, Murray S. Kucherawy wrote:
>> -----Original Message-----
>> From: [email protected] [mailto:ietf-dkim-
>> [email protected]] On Behalf Of Alessandro Vesely
>> Sent: Thursday, September 02, 2010 10:35 AM
>> To: [email protected]
>> Subject: Re: [ietf-dkim] draft-ietf-dkim-mailinglists-02 review
>>
>> However, the other issue is to break or remove author domain
>> signatures. John has pointed this out for a long time, for FBL
>> reasons. Doug has brought out the same issue for replay attacks
>> aimed at breaking reputation, because replaying is definitely out of
>> control in the case of publicly distributed messages.
> What's the danger of replaying legitimate mail, other than to cause volume
> detection alarms to go off?
I think Doug was not talking about replaying legitimate mail but illegitimate mail. I believe Doug described this scenario in one of his previous messages, either on domainrep or here on this list (Doug, excuse me if this summary lacks the nuances):

Someone sends a spam-type message from a large ESP to a mailbox he owns, somewhere on the Internet. The message is DKIM signed by the ESP. The spammer then takes the entire message, including complete headers, and replays it using different envelope To: addresses and (optionally) different envelope From addresses. A verifier finds the signature to be valid, and at the end of the day this type of replay will impact the reputation of the ESP.

BTW: if the original message was sent from the ESP via an MLM and the MLM re-signs the message, the reputation impact will be on the MLM's domain and (in most cases) not the ESP's, as the original signatures get broken by the MLM in most situations.

/rolf

_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
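The two mechanisms Rolf describes above, as an added illustration that is not part of the thread or of any DKIM implementation: a DKIM-style signature covers selected header fields and the body but not the SMTP envelope, so an unmodified signed message presents a valid signature at every envelope recipient it is replayed to, while an MLM that tags the Subject and appends a footer breaks the original signature and has to sign the rewritten message under its own domain. Real DKIM (RFC 6376) uses RSA or Ed25519 keys published in DNS and a more involved canonicalization; the HMAC keys, header set, canonicalization, addresses and message content below are constructed stand-ins so the example runs with only the Python standard library.

```python
import hashlib
import hmac

# Constructed stand-ins for the signing keys of the ESP and the list domain.
# Real DKIM uses asymmetric keys published in DNS, not shared secrets.
ESP_KEY = b"constructed-esp-selector-key"
MLM_KEY = b"constructed-mlm-selector-key"

# Header fields covered by the signature (the "h=" tag in real DKIM).
SIGNED_HEADERS = ("from", "to", "subject", "date")


def canonicalize(headers, body):
    """Simplified relaxed-style canonicalization: lowercase field names,
    collapse whitespace in values, hash the body with trailing whitespace
    stripped. Only the listed header fields are included."""
    lines = []
    for name in SIGNED_HEADERS:
        value = " ".join(headers.get(name, "").split())
        lines.append(f"{name}:{value}")
    body_hash = hashlib.sha256(body.rstrip().encode()).hexdigest()
    lines.append(f"bh={body_hash}")
    return "\r\n".join(lines).encode()


def sign(headers, body, key=ESP_KEY):
    """Sign the canonicalized message; returns the signature as hex."""
    return hmac.new(key, canonicalize(headers, body), hashlib.sha256).hexdigest()


def verify(headers, body, signature, key=ESP_KEY):
    """Recompute the signature over the message and compare in constant time."""
    return hmac.compare_digest(sign(headers, body, key), signature)


def receive(envelope, headers, body, signature):
    """What a receiving MTA sees: the SMTP envelope plus the message.
    The DKIM check consumes only the message, so the envelope has no
    bearing on the result."""
    return {"rcpt_to": envelope["rcpt_to"], "dkim_pass": verify(headers, body, signature)}


# Constructed original message, sent by the ESP to a mailbox the sender controls.
ORIGINAL_HEADERS = {
    "from": "promo@esp.example",
    "to": "dropbox@sender-owned.example",
    "subject": "Limited offer",
    "date": "Thu, 02 Sep 2010 10:00:00 +0000",
}
ORIGINAL_BODY = "Constructed message body.\n"
ORIGINAL_SIG = sign(ORIGINAL_HEADERS, ORIGINAL_BODY)


def replay_results(recipients):
    """Deliver the unmodified signed message to a list of different envelope
    recipients and return the DKIM result observed at each. Every result is
    a pass, which is why the ESP's domain carries the reputation cost."""
    return [
        receive({"mail_from": "other@elsewhere.example", "rcpt_to": rcpt},
                ORIGINAL_HEADERS, ORIGINAL_BODY, ORIGINAL_SIG)["dkim_pass"]
        for rcpt in recipients
    ]


def mlm_relay():
    """An MLM that tags the Subject and appends a footer. Returns
    (esp_signature_still_valid, mlm_signature_valid): the ESP signature no
    longer verifies, so the list signs the rewritten message under its own key."""
    tagged = dict(ORIGINAL_HEADERS)
    tagged["subject"] = "[list] " + tagged["subject"]
    body = ORIGINAL_BODY + "--\nlist footer\n"
    esp_still_valid = verify(tagged, body, ORIGINAL_SIG)
    mlm_sig = sign(tagged, body, key=MLM_KEY)
    return esp_still_valid, verify(tagged, body, mlm_sig, key=MLM_KEY)


if __name__ == "__main__":
    print("replay:", replay_results(["a@one.example", "b@two.example"]))
    print("via MLM (esp valid, mlm valid):", mlm_relay())
```

The point for a verifier is that nothing in the signed material distinguishes the replayed copy from the original delivery, so the only signals available are the ones Murray mentions (volume) and what the signer chooses to cover; once an MLM rewrites the message, the signature that survives, and therefore the reputation that is affected, is the list's.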
