John D'Orazio via Postfix-users:
> I believe some users are in fact confusing DMARC and DKIM. DMARC is a
> policy that lets receiving servers know how to deal with mail that seems to
> be coming from your server but has *not* passed SPF and DKIM checks. From
> the Google support forum:
>
> DMARC (Domain-based Message Authentication, Reporting, and Conformance)
> <https://support.google.com/a/answer/2466580>: lets you tell destination
> servers what to do with outgoing messages from your organization that
> fail SPF or DKIM authentication
>
> The problem with this attack is that it succeeds in passing SPF record
> policies and DKIM signature policies with the attacker's domain, then
> injecting a message with a different From header into the validated
> message, making it seem quite like an authentic message.
Note that only the encapsulating message can contain a DKIM signature
by the authenticated sender's domain. The smuggled message cannot
contain a DKIM signature by the impersonated sender's domain unless
the attacker compromised their signing key.
Wietse
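The point above is exactly what DMARC identifier alignment catches: a DKIM signature whose d= domain belongs to the attacker does not align with a forged From: domain. The following is an added example, not code from this thread or from Postfix; it assumes the DKIM signatures were already cryptographically verified, approximates the organizational domain with the last two labels instead of the Public Suffix List, and uses constructed messages with placeholder signature values. It also shows the difference between relaxed and strict alignment.

```python
import re
from email import message_from_string
from email.utils import parseaddr


def org_domain(domain):
    """Crude organizational-domain approximation (last two labels).
    Assumption: a real verifier consults the Public Suffix List."""
    labels = domain.lower().strip('.').split('.')
    return '.'.join(labels[-2:])


def dkim_signing_domains(msg):
    """Collect the d= tag of every DKIM-Signature header.
    Assumption: each signature has already been verified; an unverifiable
    signature must not be counted here."""
    domains = []
    for sig in msg.get_all('DKIM-Signature', []):
        m = re.search(r'(?:^|;)\s*d=\s*([^;\s]+)', sig)
        if m:
            domains.append(m.group(1).lower())
    return domains


def dkim_aligned(raw_message, relaxed=True):
    """True if some verified DKIM d= domain aligns with the RFC5322.From
    domain: exact match (strict) or same organizational domain (relaxed)."""
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg.get('From', ''))[1].rpartition('@')[2].lower()
    if not from_domain:
        return False
    for d in dkim_signing_domains(msg):
        if d == from_domain or (relaxed and org_domain(d) == org_domain(from_domain)):
            return True
    return False


# Constructed sample messages; bh= and b= values are placeholders.
def _sample(signing_domain):
    return ("DKIM-Signature: v=1; a=rsa-sha256; d=%s; s=sel;\n"
            " h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER\n"
            "From: alerts@bank.example\n"
            "To: user@recv.example\n"
            "Subject: statement\n\nbody\n" % signing_domain)


LEGIT = _sample("bank.example")            # signed by the From: domain
SUBDOMAIN_SIGNED = _sample("mail.bank.example")  # aligned only in relaxed mode
SMUGGLED = _sample("attacker.example")     # valid signature, wrong domain
```

A verifier that validates the signature but skips this alignment step is exactly what the smuggled inner message relies on.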