On 5/3/2019 6:40 PM, Grant Taylor wrote:
> I think that I could sign as d=ena.com if I had access to their keys.
> Which obviously I / my server should not.
>
> I need to reread if there is any protection in DKIM to detect such
> malicious use of the spoofed domain's keys. My current understanding
> is that there is not any such protection in DKIM.

Unless you have the private key matching the public key in DNS of a domain, that's the benefit of a DKIM signature. You might want to read more about asymmetric crypto:
https://en.wikipedia.org/wiki/Public-key_cryptography

Regards,
KAM

--
Kevin A. McGrail
Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171