%% You should probably cite draft-ietf-dkim-replay-problem instead of this I-D. @techreport{chuang-dkim-replay-problem-01, number = {draft-chuang-dkim-replay-problem-01}, type = {Internet-Draft}, institution = {Internet Engineering Task Force}, publisher = {Internet Engineering Task Force}, note = {Work in Progress}, url = {https://datatracker.ietf.org/doc/draft-chuang-dkim-replay-problem/01/}, author = {Wei Chuang and Allen Robin and Bron Gondwana}, title = {{DKIM Replay Problem Statement and Scenarios}}, pagetotal = 12, year = 2023, month = feb, day = 10, abstract = {DomainKeys Identified Mail (DKIM, RFC6376) claims some responsibility for a message by associating a domain and protecting the integrity of the covered portion of a message during transit through a digital signature. DKIM survives basic email relaying. In a Replay Attack, the recipient of a DKIM-signed message sends the message further, to other recipients, while retaining the original, validating signature, thereby seeking to leverage the reputation of the original signer. This document discusses the damage this causes to email delivery and interoperability, and the associated Mail Flows. A significant challenge to mitigating this problem is that it is difficult for Receivers to differentiate between legitimate forwarding flows and DKIM Replay.}, }