On 16/01/2024 17:52, Mike Hillyer wrote:
One example of this documented is Brian Godiksen's blog post at https://www.socketlabs.com/blog/dkim-replay-attacks-preventive-measures-to-protect-email-deliverability
The post explicitly mentions the Subject, To, From, Date and Reply-To headers. I don't know if signing technical headers (e.g. MIME-Version) can help against replay, but it weakens the signature's resilience.
The post says "One interesting aspect to these attacks is that messages are commonly modified by the attacker." I guess they try to escape the ESP's content filtering on outgoing messages...
Best
Ale

-- 
_______________________________________________
Ietf-dkim mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ietf-dkim
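The following is an added illustration, not part of Ale's message or of the blog post he cites. It models the header-selection rules of RFC 6376 (relaxed header canonicalization, bottom-up selection of the fields named in h=, and oversigning, where a name listed more often than it occurs signs the empty string) to show why a verbatim replay still verifies, why an attacker can prepend a second Subject without breaking a signature that does not oversign it, and what happens when a technical header such as MIME-Version is signed and a relay later rewrites it. The signature primitive is an HMAC with a constructed key standing in for the RSA key pair, the message and the relay rewrite are constructed samples, and nothing here is DKIM wire format.

```python
import hashlib
import hmac
import re

# Constructed demo key; in real DKIM the signer holds an RSA/Ed25519 private key
# and the verifier fetches the public key from DNS.
KEY = b"constructed-demo-key"


def relaxed_canon_header(name, value):
    """RFC 6376 3.4.2 relaxed header canonicalization: lowercase name, unfold
    continuation lines, collapse runs of whitespace, strip surrounding WSP."""
    value = re.sub(r"\r?\n[ \t]+", " ", value)
    value = re.sub(r"[ \t]+", " ", value).strip()
    return f"{name.lower()}:{value}\r\n"


def select_headers(headers, h_list):
    """headers: list of (name, value) in message order, top to bottom.
    h_list: names in h= order. Per RFC 6376 5.4.2 each name takes the last
    not-yet-used occurrence, scanning from the bottom of the header block;
    a name listed more times than it occurs contributes an empty string,
    which is what 'oversigning' relies on."""
    used = [False] * len(headers)
    out = []
    for want in h_list:
        for i in range(len(headers) - 1, -1, -1):
            if not used[i] and headers[i][0].lower() == want.lower():
                used[i] = True
                out.append(relaxed_canon_header(*headers[i]))
                break
        else:
            out.append("")  # oversigned and absent: sign the empty string
    return "".join(out)


def sign(headers, body, h_list, key):
    """Body hash plus canonicalized selected headers, authenticated with HMAC
    (stand-in for the RSA signature in b=)."""
    body_hash = hashlib.sha256(body.encode()).hexdigest()
    data = select_headers(headers, h_list) + body_hash
    tag = hmac.new(key, data.encode(), hashlib.sha256).hexdigest()
    return {"h": h_list, "bh": body_hash, "sig": tag}


def verify(headers, body, sig, key):
    body_hash = hashlib.sha256(body.encode()).hexdigest()
    if body_hash != sig["bh"]:
        return False
    data = select_headers(headers, sig["h"]) + body_hash
    expect = hmac.new(key, data.encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expect, sig["sig"])


# Constructed sample message as the ESP signed it.
ORIGINAL = [
    ("From", "[email protected]"),
    ("To", "[email protected]"),
    ("Subject", "Your receipt"),
    ("Date", "Tue, 16 Jan 2024 17:00:00 +0000"),
    ("MIME-Version", "1.0"),
]
BODY = "Thanks for your order.\r\n"
BASIC_H = ["from", "to", "subject", "date"]


def replay_unchanged_verifies():
    """Replay: the attacker re-sends the identical message to new envelope
    recipients. DKIM covers nothing about the envelope, so it still verifies."""
    sig = sign(ORIGINAL, BODY, BASIC_H, KEY)
    return verify(ORIGINAL, BODY, sig, KEY)


def added_subject_without_oversigning():
    """Attacker prepends a second Subject. Bottom-up selection still finds the
    original one, so the signature holds while a MUA may display the new one."""
    sig = sign(ORIGINAL, BODY, BASIC_H, KEY)
    modified = [("Subject", "WIN A PRIZE")] + ORIGINAL
    return verify(modified, BODY, sig, KEY)


def added_subject_with_oversigning():
    """Same modification, but h= lists subject twice: the second slot signed
    the empty string and now matches the injected header, so verification fails."""
    sig = sign(ORIGINAL, BODY, ["from", "to", "subject", "subject", "date"], KEY)
    modified = [("Subject", "WIN A PRIZE")] + ORIGINAL
    return verify(modified, BODY, sig, KEY)


def mime_version_signed_then_rewritten():
    """Constructed relay that rewrites MIME-Version in transit: the signature
    that left the header out survives, the one that signed it does not."""
    sig_without = sign(ORIGINAL, BODY, BASIC_H, KEY)
    sig_with = sign(ORIGINAL, BODY, BASIC_H + ["mime-version"], KEY)
    forwarded = [(n, "1.0 (generated by relay)") if n == "MIME-Version" else (n, v)
                 for n, v in ORIGINAL]
    return verify(forwarded, BODY, sig_without, KEY), verify(forwarded, BODY, sig_with, KEY)


if __name__ == "__main__":
    print("verbatim replay verifies:", replay_unchanged_verifies())
    print("prepended Subject, no oversigning:", added_subject_without_oversigning())
    print("prepended Subject, oversigned:", added_subject_with_oversigning())
    print("MIME-Version rewritten (unsigned, signed):", mime_version_signed_then_rewritten())
```

The two Subject cases are the trade-off behind the h= choice: oversigning the display headers closes the duplicate-header modification, while signing headers that intermediaries legitimately touch turns ordinary forwarding into a verification failure.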
