John D'Orazio via Postfix-users:
> I believe some users are in fact confusing DMARC and DKIM. DMARC is a
> policy that lets receiving servers know how to deal with mail that seems to
> be coming from your server but has *not* passed SPF and DKIM checks. From
> the Google support forum:
>
> DMARC (Domain-based Message Authentication, Reporting, and Conformance)
> <https://support.google.com/a/answer/2466580>: lets you tell receiving
> servers what to do with outgoing messages from your organization that do
> not pass SPF or DKIM authentication
>
> The problem with this attack is that it succeeds in passing SPF record
> policies and DKIM signature policies with the attacker's domain, then
> injecting a message with a different From header into the validated
> message, making it seem quite like an authentic message.
Note that only the encapsulating message can contain a DKIM signature by
the authenticated sender's domain. The smuggled message cannot contain a
DKIM signature by the impersonated sender's domain unless the attacker
compromised their signing key.

Wietse

_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
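The DMARC identifier-alignment check that separates the two cases above, as an added example that is not code from the thread or from Postfix: it reads the RFC5322.From domain and the d= tag of each DKIM-Signature header and reports whether any signing domain is aligned with the From domain. It assumes the signatures themselves were verified elsewhere (e.g. by a DKIM milter), the sample messages are constructed, and the organizational domain is approximated by the last two labels instead of the Public Suffix List.

```python
import re
from email import message_from_string
from email.policy import default
from email.utils import parseaddr

# Constructed sample: the smuggled (inner) message as the receiver sees it after
# the split. From: claims the impersonated domain, but the only DKIM signature
# present was made with the attacker's own domain, as described in the thread.
SMUGGLED_MESSAGE = """\
DKIM-Signature: v=1; a=rsa-sha256; d=attacker.example; s=sel; h=from:to:subject; bh=CONSTRUCTED; b=CONSTRUCTED
From: "Accounting" <accounting@victim.example>
To: staff@victim.example
Subject: constructed sample, not a real message

body
"""

# Constructed sample: an honest message, signed by the domain in its From:.
LEGIT_MESSAGE = """\
DKIM-Signature: v=1; a=rsa-sha256; d=victim.example; s=sel; h=from:to:subject; bh=CONSTRUCTED; b=CONSTRUCTED
From: "Accounting" <accounting@victim.example>
To: staff@victim.example
Subject: constructed sample, not a real message

body
"""

# Constructed sample: signed by a subdomain; aligned only in relaxed mode.
SUBDOMAIN_MESSAGE = LEGIT_MESSAGE.replace("d=victim.example", "d=mail.victim.example")

def org_domain(domain: str) -> str:
    """Approximate organizational domain (assumption: last two labels, no PSL)."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def dkim_signing_domains(msg) -> list:
    """Collect the d= tag of every DKIM-Signature header (verification assumed elsewhere)."""
    found = []
    for sig in msg.get_all("DKIM-Signature", []):
        m = re.search(r"(?:^|;)\s*d=\s*([^;\s]+)", str(sig))
        if m:
            found.append(m.group(1).lower())
    return found

def dkim_aligned(raw: str, strict: bool = False) -> bool:
    """RFC 7489 identifier alignment: From domain vs. DKIM d= domain."""
    msg = message_from_string(raw, policy=default)
    from_domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    if not from_domain:
        return False  # no usable From domain: treat as unaligned
    for d in dkim_signing_domains(msg):
        if d == from_domain or (not strict and org_domain(d) == org_domain(from_domain)):
            return True
    return False
```

A DMARC evaluator that finds no aligned, verified DKIM signature (and no aligned SPF result) applies the From domain's published policy, which is what stops the smuggled message even though its DKIM signature by the attacker's domain verifies.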