> We're definitely seeing dkim replay attacks and of course doing our > best to catch them.
Out of curiosity, one thing I thought might be a strong sign of a replay attack is lots of emails with the same b= value in the DKIM-Signature. Obviously mass mailings might trigger this as well, but I'm wondering if that's the case or not. Do most mass mailers/ESPs generate a separate Message-Id and DKIM signature for each email, or do most just sign once? I guess mailing lists would cause this to happen as well. Curious what your statistics are and if it's a worthwhile signal or not. Rob Mueller [email protected]
_______________________________________________ mailop mailing list [email protected] https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
