On Sun, 14 Aug 2016, at 02:07 PM, Steve Atkins wrote:
> There is no technical way to prevent DKIM replay attacks. All you can
> do is to make them unattractive, by making mail sent using them less
> likely to be delivered or unprofitable.
> …
> If your business model includes 30 days of access with no payment, no
> credit card, no contract and no authentication ... that's going to be
> part of the discussion.

Sure. The thing is we also have to deal with stolen credit cards and
compromised accounts. We have a number of mechanisms in place to detect
and block abuse at all these levels, but like any mailbox host, we can
never hope to stop 100% of malicious content.

Rob's original email was to a) ask whether there are any other measures
people are taking that could help with this from the sender side (to
which the answer definitely seems to be "no"); and b) to see whether
other operators' incoming spam scanning systems are accounting for this
kind of attack. We're all trying to work together here, and if a
legitimate message from a user at FastMail fails to reach the inbox of a
user at Service X, that's a failure for both of us. Similarly if the
situation is reversed.

> [1] Well, fastmail distinguishes itself by not allowing the bulk spam to
> be sent from their network. Allowing that would likely eliminate DKIM
> replay attacks...

Indeed it might. :)

Neil.
_______________________________________________
mailop mailing list
[email protected]
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
