John D'Orazio via Postfix-users:
> I believe some users are in fact confusing DMARC and DKIM. DMARC is a
> policy that lets receiving servers know how to deal with mail that seems to
> be coming from your server but has *not* passed SPF and DKIM checks. From
> the Google support forum:
> 
> DMARC (Domain-based Message Authentication, Reporting, and Conformance)
> <https://support.google.com/a/answer/2466580>: lets you tell receiving
> servers what to do with outgoing messages from your organization that
> fail SPF or DKIM authentication
> 
> The problem with this attack is that it succeeds in passing SPF record
> policies and DKIM signature policies with the attacker's domain, then
> injecting a message with a different From header into the validated
> message, making it seem quite like an authentic message.

Note that only the encapsulating message can contain a DKIM signature
by the authenticated sender's domain. The smuggled message cannot
contain a DKIM signature by the impersonated sender's domain unless
the attacker compromised their signing key.

        Wietse
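The point above, as an added example that is not part of the thread: a DMARC-style DKIM alignment check in Python. The encapsulating message is signed by the sending domain and aligns; a second message whose From header names the impersonated domain has no signature from that domain (nobody but its key holder can produce one), so DMARC cannot pass via DKIM for it. Domain names, message samples and the placeholder signature values are constructed; cryptographic verification of the signature is assumed to have been done by the MTA.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the outer (encapsulating) message, DKIM-signed by the
# sending domain attacker.example. Signature values are placeholders.
OUTER = (
    "DKIM-Signature: v=1; a=rsa-sha256; d=attacker.example; s=sel;\n"
    "\th=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER\n"
    "From: sender@attacker.example\n"
    "To: user@receiver.example\n"
    "Subject: outer\n\nbody\n"
)
# Constructed sample: a second message claiming to come from victim.example.
# It has no DKIM-Signature from victim.example; only that domain's key could make one.
INNER = (
    "From: CEO <ceo@victim.example>\n"
    "To: user@receiver.example\n"
    "Subject: inner\n\nbody\n"
)

def org_domain(domain):
    # Organizational domain approximated as the last two labels; real DMARC
    # uses the Public Suffix List (simplification made by this example).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def dkim_signing_domains(raw):
    # d= tag of every DKIM-Signature header present in the message.
    msg = message_from_string(raw)
    found = []
    for hdr in msg.get_all("DKIM-Signature", []):
        m = re.search(r"(?:^|;)\s*d=([^;\s]+)", hdr)
        if m:
            found.append(m.group(1).lower())
    return found

def header_from_domain(raw):
    # Domain of the RFC5322.From address, the identifier DMARC aligns against.
    addr = parseaddr(message_from_string(raw).get("From", ""))[1]
    return addr.rpartition("@")[2].lower()

def dmarc_dkim_aligned(raw, mode="relaxed"):
    # DMARC passes via DKIM only if a signing domain aligns with the From
    # domain: strict requires equality, relaxed the same organizational domain.
    frm = header_from_domain(raw)
    for d in dkim_signing_domains(raw):
        same = d == frm if mode == "strict" else org_domain(d) == org_domain(frm)
        if same:
            return True
    return False
```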
Postfix-users mailing list -- postfix-users@postfix.org