On 3/10/23 11:21 AM, Emanuel Schorsch wrote:
On Fri, Feb 17, 2023 at 11:11 AM Michael Thomas <m...@mtcc.com> wrote:


    I've said in multiple threads that the current problem both in the
    charter and the problem draft are far too vague for us to address.
    Here are some from me at least:

     1. Who are the victims? Just bulk senders? Are the bulk senders
        signing using their domain?

We've seen a variety of victims: bulk senders, trusted brands, EDUs etc.

Can you elaborate on the trusted brands? Are they signed using the company's domain keys? If so, is it because they've been hacked or some other mechanism?

     1. Does the To domain spammers use remain more or less static, or
        do they mutate at a high rate?

We (Gmail) saw spammers frequently duplicate the To headers so they could personalize them per recipient. RFC 5322 (duplicate header rejection) and oversigning are effective against this.

I think this should just be table stakes for rejecting mail that has this characteristic regardless of the normative language of the DKIM spec.


     1. Do receivers collect and use reputation information on mailing
        lists and other indirect flows that resign their messages?

The challenge with this is the long tail of mailing lists and indirect flows, not all of which indicate their indirectness in an obvious way.


But if you can develop reputation for the sending domain, can't you develop reputation on a resigning domain? Also: somebody pointed out a lot of bulk senders use their own domain rather than the From: domain. Isn't that essentially the same problem as mailing lists?


Mike
_______________________________________________
Ietf-dkim mailing list
Ietf-dkim@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-dkim
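
The two receiver-side checks named in the thread (rejecting duplicated RFC 5322 singleton headers, and seeing whether the DKIM h= tag oversigns them) can be sketched as follows. This is an added example, not part of the original messages: `signed_names`, `audit` and both sample messages are constructed for illustration, only the first DKIM-Signature is inspected, and no cryptographic verification is performed.

```python
from collections import Counter
from email import message_from_string

# Fields RFC 5322 section 3.6 allows at most once per message.
SINGLETONS = {"date", "from", "sender", "reply-to", "to", "cc", "bcc",
              "message-id", "in-reply-to", "references", "subject"}

def signed_names(sig_value):
    """Return a Counter of field names listed in a DKIM-Signature h= tag."""
    tags = {}
    for part in sig_value.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip().lower()] = "".join(value.split())  # drop folding
    return Counter(n.lower() for n in tags.get("h", "").split(":") if n)

def audit(raw):
    """Report duplicated singleton fields and how the h= tag covers them."""
    msg = message_from_string(raw)
    present = Counter(k.lower() for k in msg.keys())
    signed = signed_names(msg.get("DKIM-Signature", ""))
    return {
        # More than one instance violates RFC 5322; reject on this alone.
        "duplicates": sorted(n for n in SINGLETONS if present[n] > 1),
        # DKIM signs instances bottom-up (RFC 6376 section 5.4.2), so any
        # instance beyond the h= count is outside the signature.
        "uncovered": {n: present[n] - signed[n] for n in sorted(SINGLETONS)
                      if present[n] > signed[n]},
        # Listed more often than present: an added instance breaks the signature.
        "oversigned": sorted(n for n in SINGLETONS if signed[n] > present[n]),
    }

# Constructed sample messages (not taken from the thread).
DUPLICATED_TO = (
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel;\n"
    " h=from:to:subject:date; bh=PLACEHOLDER; b=PLACEHOLDER\n"
    "To: second-recipient@example.net\n"
    "From: news@example.com\n"
    "To: first-recipient@example.org\n"
    "Subject: Hello\n"
    "Date: Fri, 10 Mar 2023 11:21:00 -0800\n"
    "\n"
    "body\n"
)
OVERSIGNED = (DUPLICATED_TO
              .replace("h=from:to:subject:date", "h=from:from:to:to:subject:date")
              .replace("To: second-recipient@example.net\n", ""))
```

Calling `audit(DUPLICATED_TO)` flags the extra To instance as both a duplicate and outside the signature, while `audit(OVERSIGNED)` reports From and To as oversigned with nothing uncovered.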
