[ietf-dkim] ISSUE 1525 -- Clarification about posting by first Author
Eliot Lear
lear at cisco.com
Thu Jan 17 07:45:23 PST 2008
I was viewing this as a resolution to 1525...
Michael Thomas wrote:
> Eliot Lear wrote:
>> Michael Thomas wrote:
>>> Eliot Lear wrote:
>>>> John L wrote:
>>>>>
>>>>> Reflection attacks? How would a few TXT queries make that happen?
>>>>
>>>> It would be the queries themselves I would be worried about.
>>>> Suppose someone blasts a message to thousands of domains that has
>>>> many addresses in the From: line. All of a sudden all of those
>>>> domains are under attack.
>>>>
>>>> Perhaps some careful wording about how this is handled can get us
>>>> around that? I don't know.
>>>
>>> You know, I really wonder whether this is a mole hill sized mountain.
>>> I wonder how long it would take for spam filter writers to notice this
>>> kind of attack and write a new rule to send them to the bit bucket. A
>>> week? Less? Not to mention that Bayesian filtering would glom onto it
>>> even faster.
>>>
>>> Mike
>>>
>>
>> Ok, perhaps it's nothing. It did occur to me as a potential attack.
>> Perhaps worth adding a line in Security Considerations?
>
>
> Is there an open issue about this? If there is, can I propose that we:
>
> 1) consider all addresses in the From: address up to some arbitrary
> limit in which case the message is suspicious
> 2) write a security consideration mentioning the reflection attack, and
> the likely mitigation that filtering software should view this as
> out of the ordinary
>
> Mike
>
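
One way a verifier could apply the limit proposed in this thread, as an added example that is not part of the original message or of any DKIM specification: it caps how many author domains from the From: header get a policy TXT query and flags the message when more are present. The limit of 3, the function names, and the choice to still query the first few domains are assumptions; the thread leaves those details open.

```python
from email import message_from_string
from email.utils import getaddresses

MAX_AUTHOR_DOMAINS = 3  # assumed value; the thread only says "some arbitrary limit"

# Constructed sample message: five author addresses across four distinct domains.
SAMPLE = (
    "From: a@example.com, b@example.net, c@example.org, "
    "d@example.edu, A2@EXAMPLE.COM\n"
    "To: list@example.invalid\n"
    "Subject: constructed test message\n"
    "\n"
    "body\n"
)


def author_domains(raw_message):
    """Return the distinct From: domains, in order of first appearance."""
    msg = message_from_string(raw_message)
    seen = []
    # get_all() also covers a message carrying more than one From: field.
    for _name, addr in getaddresses(msg.get_all("From", [])):
        local, sep, domain = addr.rpartition("@")
        domain = domain.rstrip(".").lower()  # DNS names compare case-insensitively
        if sep and local and domain and domain not in seen:
            seen.append(domain)
    return seen


def plan_policy_lookups(raw_message, limit=MAX_AUTHOR_DOMAINS):
    """Return (domains_to_query, suspicious).

    At most `limit` domains are queried per message, so a single message
    cannot make this verifier send an unbounded number of TXT queries.
    A message naming more author domains than the limit is flagged so the
    filter can treat it as out of the ordinary.
    """
    domains = author_domains(raw_message)
    return domains[:limit], len(domains) > limit


if __name__ == "__main__":
    to_query, suspicious = plan_policy_lookups(SAMPLE)
    print("query:", to_query, "suspicious:", suspicious)
```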