In my discussions, I've been told of malicious parties sending messages with blank Subject headers (not missing: the header name is there with no value) and adding a second Subject header with the payload subject line. Some MUAs will show the second subject, either because it is higher up in the header list or because the original was blank, but the DKIM signature still validates because the blank Subject header is the one in the signature and the one checked. We already sign headers in the header list that are not present, but we want to sign an extra nil header for this kind of scenario, as long as what I said before is true: that the header should be DKIM signed, but additional header instances may be needed further into the flow.
One example of this being documented is Brian Godiksen's blog post at https://www.socketlabs.com/blog/dkim-replay-attacks-preventive-measures-to-protect-email-deliverability

Mike

From: Dave Crocker <[email protected]>
Sent: Tuesday, January 16, 2024 11:34 AM
To: Mike Hillyer <[email protected]>
Cc: [email protected] <[email protected]>
Subject: Re: [Ietf-dkim] Headers that should not be automatically oversigned in a DKIM signature?

On 1/16/2024 8:18 AM, Mike Hillyer wrote:

In an effort to make it easier for our users to prevent DKIM replay attacks, we're looking at adding an option to our DKIM signing module to automatically oversign headers in the DKIM signature, adding an additional entry in the headers list to assert a null header, preventing a malicious third party from adding an additional header but having the message still validate as DKIM because only one instance of the header was listed in the signature.

While I applaud your goal, it is not immediately obvious to me how this can reduce or eliminate DKIM Replay.

Could you provide an example?

Thanks.

d/

--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
mast:@[email protected]

_______________________________________________
Ietf-dkim mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ietf-dkim
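The following is an added example, not code from the thread or from any signing module mentioned in it. It models the h= header-selection rule of RFC 6376 (section 5.4.2: each name in h= takes the not-yet-used instance closest to the bottom of the header block, and a name with no instance left contributes nothing to the hash) to show why a blank Subject that is signed once still verifies after a second Subject is inserted above it, while listing "subject" twice in h= (oversigning) makes the same insertion break the header hash. The sample header block and the replay variants are constructed; the hashing is simplified to relaxed header canonicalization without the DKIM-Signature field or body hash.

```python
"""Added example: RFC 6376 h= selection and the effect of oversigning a header.
Simplified: relaxed canonicalization only, no DKIM-Signature field, no body hash."""
import hashlib
import re

# Constructed sample header block in wire order (top to bottom). The signer's
# message carries a present-but-blank Subject, as described in the thread.
ORIGINAL = [
    ("From", "sender@example.test"),
    ("Subject", ""),
    ("To", "recipient@example.test"),
    ("Date", "Tue, 16 Jan 2024 11:34:00 -0500"),
]

# Constructed replay variants: a second Subject inserted above the signed one,
# and one appended below it.
PREPENDED = [("Subject", "Payload subject line")] + ORIGINAL
APPENDED = ORIGINAL + [("Subject", "Payload subject line")]


def select_headers(headers, h_tag):
    """Apply the h= rule of RFC 6376 section 5.4.2: for each name in h=, take
    the not-yet-used instance closest to the bottom of the header block. A name
    with no instance left is returned with value None (the oversigned slot)."""
    used = set()
    selected = []
    for name in h_tag.lower().split(":"):
        hit = None
        for i in range(len(headers) - 1, -1, -1):
            if i not in used and headers[i][0].lower() == name:
                hit = i
                break
        if hit is None:
            selected.append((name, None))
        else:
            used.add(hit)
            selected.append((name, headers[hit][1]))
    return selected


def relaxed_canon(name, value):
    """Relaxed header canonicalization (RFC 6376 section 3.4.2): lowercase the
    name, unfold, collapse whitespace runs, strip surrounding whitespace."""
    value = re.sub(r"[ \t]+", " ", value.replace("\r\n", "")).strip()
    return f"{name.lower()}:{value}\r\n"


def header_hash(headers, h_tag):
    """Hash the selected header fields in h= order. Nonexistent fields add
    nothing (RFC 6376 section 3.7), so an oversigned slot is empty when the
    signer hashes and becomes the injected field when the verifier hashes."""
    data = b"".join(
        relaxed_canon(name, value).encode()
        for name, value in select_headers(headers, h_tag)
        if value is not None
    )
    return hashlib.sha256(data).hexdigest()


def still_verifies(signed, received, h_tag):
    """True if the header hash computed over `signed` at signing time equals
    the one a verifier computes over `received` with the same h= tag."""
    return header_hash(signed, h_tag) == header_hash(received, h_tag)


def displayed_subject(headers):
    """What an MUA that renders the topmost Subject instance would show."""
    for name, value in headers:
        if name.lower() == "subject":
            return value
    return None


if __name__ == "__main__":
    for h in ("from:to:subject", "from:to:subject:subject"):
        print(f"h={h}",
              "prepended verifies:", still_verifies(ORIGINAL, PREPENDED, h),
              "appended verifies:", still_verifies(ORIGINAL, APPENDED, h))
    print("topmost-Subject MUA shows:", displayed_subject(PREPENDED))
```

With h=from:to:subject the prepended variant still verifies (the bottom-most Subject is the signed blank one) while the appended variant does not; with h=from:to:subject:subject the second "subject" slot was empty at signing time and is filled by the inserted field at verification time, so the prepended variant fails too. Signing a nil instance costs nothing when no second instance ever appears, which is the trade-off the thread is weighing against headers that legitimately gain instances later in the flow.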
