[ietf-dkim] Replay isn't the problem, spam is the problem
Hallam-Baker, Phillip
pbaker at verisign.com
Mon Aug 8 12:02:24 PDT 2005
> [mailto:ietf-dkim-bounces at mipassoc.org] On Behalf Of John R Levine
> Doug has offered the only scenario so far of a replay attack,
> which is very helpful to figuring out what the threat is.
> His scenario boils down to one of a domain's users being a
> spammer, which would be a problem whether or not his spam was
> being remailed.
This attack is only relevant for public mail providers.
If an email sent from verisign.com is bulk mailed in a replay attack
then VeriSign should be held accountable.
Only a small number of domains actually offer open email service without
close accountability. Employers, educational institutions, personal
identity domains all ensure close accountability.
More information about the ietf-dkim
mailing list