It is my understanding that this (differentiating the benign from the abuse) is something dkim2 is intended to address. With the current state of play it is indeed incredibly difficult to differentiate.
DKIM replay is an overloaded term; it can apply to both the benign and the non-benign. RFC-6376 clarifies this by using the term "Replay/Spam Attacks", making it clear it refers only to the non-benign replays.

On Mon, 6 Jan 2025, at 2:25 PM, Michael Thomas wrote:
>
> On 1/5/25 7:15 PM, Murray S. Kucherawy wrote:
>> On Sun, Jan 5, 2025 at 7:11 PM Michael Thomas <m...@mtcc.com> wrote:
>>> On 1/5/25 7:07 PM, Murray S. Kucherawy wrote:
>>>
>>>> On Sat, Dec 28, 2024 at 6:31 PM Bron Gondwana
>>>> <brong=40fastmailteam....@dmarc.ietf.org> wrote:
>>>>> • The SMTP RCPT TO address might not be present in the signed header
>>>>> fields of an email, meaning that the same message can be sent to
>>>>> arbitrarily many recipients, and those recipients can not tell if the
>>>>> signer intended them as recipients.
>>>>
>>>> Am I poking a hornet's nest here, or is it safe to state that this is the
>>>> commonly understood definition of "DKIM replay"?
>>> No. See: crashed and burned.
>>>
>> I don't think you're talking about the same thing I am. I'm talking about
>> the definition provided in Section 8.6 of RFC 6376. There's at least
>> anecdotal evidence that this is a problem these days, and if that bullet can
>> be referenced using a common term, I think it should.
>>
>> (And let's try to be constructive here.)
> I'm saying that I don't think it is well understood how to differentiate the
> benign from the non-benign. That is very relevant. Potter Stewart's "I know
> it when I see it" is not a very good test for internet standards. Heuristics
> are generally a bad idea for standards.
>
> Mike
>
> _______________________________________________
> Ietf-dkim mailing list -- ietf-dkim@ietf.org
> To unsubscribe send an email to ietf-dkim-le...@ietf.org
>

--
Marc Bradshaw
marcbradshaw.net