On 5/3/19 4:35 PM, RW wrote:
But if you sign it with d=ena.com it wont pass as valid, unless you have also gained control of the DNS for ena.com.
I was referring to signing it with d=tnetconsulting.net.I need to reread RFC 6376 to comment further. But at this point, I think that I could sign as d=ena.com if I had access to their keys. Which obviously I / my server should not.
I need to reread if there is any protection in DKIM to detect such malicious use of the spoofed domain's keys. My current understanding is that there is not any such protection in DKIM.
-- Grant. . . . unix || die
smime.p7s
Description: S/MIME Cryptographic Signature
