Hi Gang

https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail

Quote: "DomainKeys Identified Mail (DKIM) is an email authentication method designed to detect forged sender addresses in email (email spoofing), a technique often used in phishing and email spam."

A couple of days ago, I observed an email which looked like:

envelope-sender: nore...@scamdomain.tld
Valid SPF Entry published for the sending IP in scamdomain.tld

From: "Support" <supp...@victimdomain.tld>
To: "Joe Victim" <j.vic...@victimdomain.tld>
Subject: Please log in to to our fake login site!
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=scamdomain.tld; s=default;h=From:Subject:.... etc...

default._domainkey.scamdomain.tld published a valid public key.

SPF => Valid!
DKIM => Valid!

How is DKIM supposed to prevent spoofing of the From: header if the attacker is able to supply the DNS entry in which to look up the public key used to sign the From: header?

DMARC Policy?

Kind regards

-Benoît Panizzon-
--
I m p r o W a r e   A G - Head of Commerce Customers
Zurlindenstrasse 29        Tel  +41 61 826 93 00
CH-4133 Pratteln           Fax  +41 61 826 93 01
Switzerland                Web  http://www.imp.ch

mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
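
The situation in the message above, worked through as an added example that is not part of the original post: a DMARC-style identifier alignment check (RFC 7489) comparing the From: header domain with the SPF and DKIM domains. The sample message is constructed (local parts are made up), SPF and DKIM verification results are taken as already-computed inputs, and `org_domain` is a simplified stand-in for a Public Suffix List lookup.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the message described above (local parts are made up).
SAMPLE = """\
Return-Path: <bounce@scamdomain.tld>
From: "Support" <someone@victimdomain.tld>
To: "Joe Victim" <joe@victimdomain.tld>
Subject: constructed sample
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=scamdomain.tld;
 s=default; h=From:Subject; bh=AAAA; b=BBBB

body
"""

def org_domain(domain):
    # Assumption/simplification: last two labels. A real verifier uses the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, strict=False):
    # Strict mode needs an exact match; relaxed mode compares organizational domains.
    a, f = auth_domain.lower(), from_domain.lower()
    return a == f if strict else org_domain(a) == org_domain(f)

def dkim_tags(value):
    # Split a DKIM-Signature header value into its tag=value pairs.
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip()] = "".join(val.split())
    return tags

def dmarc_alignment(raw, spf_pass=True, dkim_pass=True, strict=False):
    # spf_pass / dkim_pass: results of checks done elsewhere (both "valid" in the post).
    msg = message_from_string(raw)
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2]
    mail_from = parseaddr(msg["Return-Path"])[1].rpartition("@")[2]
    dkim_domains = [dkim_tags(v).get("d", "") for v in msg.get_all("DKIM-Signature", [])]
    spf_ok = spf_pass and aligned(mail_from, from_domain, strict)
    dkim_ok = dkim_pass and any(d and aligned(d, from_domain, strict) for d in dkim_domains)
    return {"from": from_domain, "spf_aligned": spf_ok,
            "dkim_aligned": dkim_ok, "dmarc_pass": spf_ok or dkim_ok}

if __name__ == "__main__":
    print(dmarc_alignment(SAMPLE))
```

Both checks are valid for scamdomain.tld, but neither domain aligns with the From: domain, so the alignment result is a fail; what the receiver then does with the message depends on the DMARC policy published by victimdomain.tld.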