On Sun, 10 Jul 2011, Hector Santos wrote: > Well, you have a point: > > DKIM has failed to address legacy spoofing problems.
That's not quite the point I intended to make. I consider it faintly possible that a situation could arise where a lazy validation module embedded in an MTA always checked the last of multiple Froms:, while an MUA always displayed the first From: -- or vice versa. But I find it very unlikely that a validation module embedded in the MUA itself would be vulnerable. It might fail to notice double Froms:, but it will validate the same one it shows the user. So it will either sound the alarm, or say "correctly signed" while ignoring the address the forger wanted the user to see, showing his own domain instead. Now, unless the MTA is *so confident* that a signature should have been there that it *refuses to deliver* suspect mail, its validator doesn't have an effect on the end-user. And such confidence isn't likely without use of a layered protocol, ADSP being the only one published yet. Thus, if the user has no validator in his MUA, for now it's just as if DKIM didn't exist. Doublefrom can't buy the forger anything more. If he does have a validator in his MUA, then he is unlikely to be vulnerable. (and that doesn't even consider all the fuss we've made here about this angel on a pinhead...) ---- Michael Deutschmann <[email protected]> _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
