On 28/Oct/10 03:36, Douglas Otis wrote:
> I'll repeat the example given previously. The multiple listing of a
> header in the h= parameter cannot mitigate exploitation of DKIM PASS
> results where a valuable domain is prefixed to that of a large domain.
> The large domain is unlikely concerned by the possible presence of a
> pre-pended header field, where their decision not to include multiple
> listing for a message clearly not compliant with RFC5322. In other
> words, this leaves DKIM results open to exploitation.
>
> From: [email protected]
> From: [email protected]
> DKIM-Signature: h=from, d=big-isp.com, ...
Besides RFC 5322 compliance, how is this different from a traditional unsigned spoofed "From: [email protected]"? Having just a signature doesn't mean much, and spelling out how to match the signature and the From field is ADSP's job, even in corner cases.
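The point both messages turn on, as an added receiver-side check that is not part of the thread: a DKIM verifier matches h= entries against header fields from the bottom up (RFC 6376), so a signature listing "from" once covers only the last From field, while a mail client typically displays the first one. The code below, using a constructed sample message and hypothetical domain names, parses the headers, reports whether the message carries a single From as RFC 5322 requires, which From the signature actually covers, and whether the signer over-signed From (listed it one more time than it occurs) so that a prepended copy would break the signature.

```python
from collections import Counter

# Constructed sample, not from the thread: the big-isp From is signed, and a
# second From has been prepended above it (RFC 5322 allows exactly one From).
DOUBLE_FROM_MSG = (
    "From: ceo@valuable.example\r\n"
    "From: user@big-isp.example\r\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=big-isp.example; s=sel;\r\n"
    " h=from:to:subject; bh=xx; b=yy\r\n"
    "To: someone@example.net\r\n"
    "Subject: hi\r\n"
    "\r\n"
    "body\r\n"
)

def parse_headers(raw):
    """Return [(lowercased name, value)] in wire order, unfolding continuations."""
    head = raw.split("\r\n\r\n", 1)[0]
    fields = []
    for line in head.split("\r\n"):
        if line[:1] in (" ", "\t") and fields:
            fields[-1] = (fields[-1][0], fields[-1][1] + " " + line.strip())
        else:
            name, _, value = line.partition(":")
            fields.append((name.strip().lower(), value.strip()))
    return fields

def signed_header_counts(dkim_value):
    """Count how often each header name is listed in the h= tag."""
    for tag in dkim_value.split(";"):
        tag = tag.strip()
        if tag.startswith("h="):
            names = "".join(tag[2:].split()).lower().split(":")
            return Counter(n for n in names if n)
    return Counter()

def assess(raw):
    fields = parse_headers(raw)
    froms = [v for n, v in fields if n == "from"]
    sig = next((v for n, v in fields if n == "dkim-signature"), "")
    signed_from = signed_header_counts(sig)["from"]
    return {
        "from_count": len(froms),
        "rfc5322_ok": len(froms) == 1,
        # RFC 6376 matches h= entries bottom-up: the signature covers the
        # last From field, whereas a client usually shows the first one.
        "covered_from": froms[-1] if froms else None,
        "displayed_from": froms[0] if froms else None,
        # Over-signing: From listed once more than it occurs, so any
        # additional prepended From would invalidate the signature.
        "from_oversigned": signed_from >= len(froms) + 1,
    }
```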
