ietf-dkim

Re: [ietf-dkim] New Issue: 4.2 needs new Attack Item: InconsistentSignature vs Policy Attacks

2006-01-31 10:19:38
Bill(_dot_)Oxley(_at_)cox(_dot_)com wrote:
> If I do not publish any key records and a bad actor whips up an email
> purported to be from me with a fake signature attached, a non-DKIM-compliant
> MTA may have a rule that states "signed messages are probably
> okay" that might bypass some spam checking software. Before DKIM is
> fully adopted/deployed expect to see this happen,

Unless the attacker also has access to your zone, they won't
be able to insert their key into it, and thus the signature will
never verify. And to have *any* rule that allows bypass of defense
based upon the receipt of a header from outside your control is
extremely dangerous. It would be nothing better than a security-through-obscurity backdoor.

                Mike
_______________________________________________
ietf-dkim mailing list
http://dkim.org
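
The contrast drawn in the reply above, as an added example that is not part of the original message or of any DKIM implementation: a rule that trusts the mere presence of a DKIM-Signature header, next to one that first requires the claimed domain to publish the selector's key. The `ZONE` dictionary (a stand-in for DNS), the domains, selectors and messages are constructed, and only the key-lookup step is shown; the cryptographic check of `b=` and `bh=` is not performed.

```python
from email import message_from_string

# Constructed stand-in for DNS TXT lookups. example.com, the purported
# signer of the forged message, publishes no key records at all.
ZONE = {"sel1._domainkey.signer.example": "v=DKIM1; k=rsa; p=CONSTRUCTEDKEY"}

# Constructed forged message: a signature header the attacker made up.
FORGED = (
    "From: bill@example.com\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=fake;\n"
    " h=from; bh=AAAA; b=BBBB\n"
    "Subject: hello\n\nbody\n"
)

def parse_tags(value):
    """Split a tag=value list (signature header or key record) into a dict."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, _, val = part.partition("=")
            tags[name.strip()] = "".join(val.split())  # drop folding whitespace
    return tags

def naive_rule(msg):
    """Weak rule from the quoted scenario: a signature header is present."""
    return "trusted" if msg["DKIM-Signature"] else "unsigned"

def key_lookup_rule(msg, lookup_txt):
    """No trust unless the domain named in d= publishes the s= selector's key."""
    header = msg["DKIM-Signature"]
    if header is None:
        return "unsigned"
    tags = parse_tags(header)
    d, s = tags.get("d"), tags.get("s")
    if not d or not s:
        return "fail: malformed signature"
    record = lookup_txt(f"{s}._domainkey.{d}")
    if record is None:
        return "fail: no key record"  # attacker cannot write to the zone
    if not parse_tags(record).get("p"):
        return "fail: key revoked"    # an empty p= tag marks a revoked key
    return "key found: verify b= and bh= before trusting"

def classify(raw, lookup_txt=ZONE.get):
    """Return (naive verdict, key-lookup verdict) for a raw message."""
    msg = message_from_string(raw)
    return naive_rule(msg), key_lookup_rule(msg, lookup_txt)
```
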