[ietf-dkim] Replay isn't the problem, spam is the problem
John R Levine
johnl at iecc.com
Mon Aug 8 20:04:28 PDT 2005
> Replay protection allows automated reputation management, since it
> provides a signed proof of misconduct.
Oh, look, now we're back full circle. Please explain how your reply
protector can tell the difference between an evil replay and a normal
standard garden variety mailing list, short of some giant whitelist of
every mailing list forcing every piece of dusty mailing list software to
upgrade, or using the same heuristics we use now (which, of course, don't
need a DKIM replay detector to work.)
You're also making the assumption that spammers will blast out many
identical messages with the same signature. They stopped doing that in
about 1999, and nobody's suggested what would make them resume doing so.
It's far more likely that they'll keep doing what they're doing now,
sending out messages that are all different, or at most sending to a
handful of recipients before changing the message. Replay protection,
even if it's possible, is of no help.
John Levine, johnl at iecc.com, Primary Perpetrator of "The Internet for Dummies",
Information Superhighwayman wanna-be, http://iecc.com/johnl, Mayor
"I dropped the toothpaste", said Tom, crestfallenly.
More information about the ietf-dkim