Hi Rolf,

> -----Original Message-----
> From: Rolf E. Sonneveld [mailto:[email protected]]
> Sent: Thursday, September 02, 2010 11:24 AM
> To: Murray S. Kucherawy
> Cc: IETF DKIM WG
> Subject: Re: [ietf-dkim] draft-ietf-dkim-mailinglists-02 review
>
> Someone sends a spam-type message from a large ESP to a mailbox he
> owns, somewhere on the Internet. The message is DKIM signed by the ESP.
> The spammer then takes the entire message including complete headers,
> and replays it using different envelope To: addresses and (optionally)
> different envelope From addresses. A verifier finds the signature to be
> valid and at the end of the day this type of replay will impact the
> reputation of the ESP.

All true, but this isn't anything new. I remember this came up ages ago, before even RFC4871 was published. If the concern is reputation impact, there's a different venue where that should be discussed. Reputation is specifically out of scope here.

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
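
An added example, not part of the original thread and not code from the DKIM working group: because the replay described in the quoted message leaves the signature valid while only the envelope recipients change, a receiver can group deliveries by DKIM signature and flag a signature seen with many distinct envelope recipients. The record layout, the threshold of 3 and all sample values are assumptions constructed for illustration.

```python
import hashlib
import re
from collections import defaultdict

def parse_dkim_tags(header_value):
    """Parse a DKIM-Signature tag-list (tag=value pairs separated by ';')."""
    tags = {}
    for part in header_value.split(";"):
        if "=" not in part:
            continue
        name, value = part.split("=", 1)  # base64 padding '=' stays in value
        tags[name.strip()] = value.strip()
    # Folding whitespace inside b= and bh= is not significant; remove it so
    # the same signature compares equal however the header was re-folded.
    for key in ("b", "bh"):
        if key in tags:
            tags[key] = re.sub(r"\s+", "", tags[key])
    return tags

def signature_key(header_value):
    """Identify one signed message: signing domain, selector, digest of b=."""
    tags = parse_dkim_tags(header_value)
    digest = hashlib.sha256(tags.get("b", "").encode()).hexdigest()[:16]
    return (tags.get("d", "").lower(), tags.get("s", ""), digest)

def find_replayed(deliveries, threshold=3):
    """deliveries: iterable of (envelope_rcpt, DKIM-Signature header value).
    Returns {signature_key: sorted recipients} for every signature seen with
    at least `threshold` distinct envelope recipients (assumed threshold)."""
    seen = defaultdict(set)
    for rcpt, sig in deliveries:
        seen[signature_key(sig)].add(rcpt.lower())
    return {k: sorted(v) for k, v in seen.items() if len(v) >= threshold}

# Constructed sample data: SIG_A is one signed message, once with a folded b=.
SIG_A = "v=1; a=rsa-sha256; d=esp.example; s=sel1; h=from:to; bh=AAAA; b=QUJD\r\n REVG"
SIG_A_REFOLDED = "v=1; a=rsa-sha256; d=esp.example; s=sel1; h=from:to; bh=AAAA; b=QUJDREVG"
SIG_B = "v=1; a=rsa-sha256; d=esp.example; s=sel1; h=from:to; bh=BBBB; b=R0hJSktM"
DELIVERIES = [
    ("owner@mailbox.example", SIG_A),       # original delivery
    ("user1@rcpt.example", SIG_A_REFOLDED),  # same signature, new envelope
    ("user2@rcpt.example", SIG_A),
    ("customer@rcpt.example", SIG_B),       # unrelated message, same signer
]

if __name__ == "__main__":
    for key, rcpts in find_replayed(DELIVERIES).items():
        print(key, rcpts)
```

A single legitimate message addressed to several recipients shares one signature as well, so the threshold has to be tuned to the receiver's own traffic.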
