On 2010-10-13 at 08:13 -0700, Todd Lyons wrote:
> In the IETF-DKIM mailing list, it came to light that an attacker could
> send a properly signed email with the attacker's domain, but prepend a
> second From: header that says it's from [email protected], and MUAs
> will show the second From. It doesn't screw up the signature because
> the original From: is what is used to verify the signature. At issue
> is that RFC 5532 requires that an email have only one From: header.

Thanks. http://bugs.exim.org/show_bug.cgi?id=1030 filed, you shouldn't
have had to do this.

-Phil

-- 
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
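
A receiving-side check for the condition described in the quoted message, as an added example that is not part of this thread and not Exim code: it counts From: headers and reports which of them the DKIM signature's h= tag actually covers. The sample message, domains and function names are constructed for illustration, and the check relies on DKIM selecting header instances from the bottom of the header block upward.

```python
from email import message_from_string

# Constructed sample: an extra From: prepended above the signed header block.
SAMPLE = "\n".join([
    "From: Display Name <someone@other.example>",
    "DKIM-Signature: v=1; a=rsa-sha256; d=signer.example; s=sel;",
    " h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER",
    "From: Sender <user@signer.example>",
    "To: rcpt@example.net",
    "Subject: hello",
    "",
    "body",
    "",
])


def signed_count(sig_value, name):
    """Count how many instances of `name` a DKIM-Signature h= tag lists."""
    tags = {}
    for tag in sig_value.split(";"):
        key, _, value = tag.partition("=")
        tags[key.strip().lower()] = value.strip()
    fields = [f.strip().lower() for f in tags.get("h", "").split(":")]
    return fields.count(name.lower())


def check_from_headers(raw):
    """Report From: multiplicity and which instances a signature covers."""
    msg = message_from_string(raw)
    froms = msg.get_all("From", [])          # values in top-to-bottom order
    sigs = msg.get_all("DKIM-Signature", [])
    # DKIM selects header instances from the bottom up, so "from" listed once
    # in h= covers only the last From: line; anything above it is unsigned.
    covered = max((signed_count(s, "from") for s in sigs), default=0)
    n = min(covered, len(froms))
    return {
        "from_count": len(froms),
        "violates_single_from": len(froms) != 1,
        "signed_from": froms[len(froms) - n:],
        "unsigned_from": froms[:len(froms) - n],
    }


if __name__ == "__main__":
    print(check_from_headers(SAMPLE))
```

A message with a non-empty `unsigned_from` alongside a valid signature is the case the quoted report describes; rejecting on `violates_single_from` alone covers it regardless of signature state.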
