
RE: [ietf-dkim] New Issue: 4.2 needs new Attack Item: Inconsistent Signature vs Policy Attacks

2006-01-31 11:01:21
The hacker does not need access to my zone, he just attaches a lookalike
header. Yes, "And to have *any* rule that allows bypass of defense
based upon the receipt of a header from outside your control is
extremely dangerous." But folks will do it anyway.

Bill Oxley 
Messaging Engineer 
Cox Communications, Inc. 
Alpharetta GA 
404-847-6397 
bill(_dot_)oxley(_at_)cox(_dot_)com 


-----Original Message-----
From: Michael Thomas [mailto:mike(_at_)mtcc(_dot_)com] 
Sent: Tuesday, January 31, 2006 12:08 PM
To: Oxley, Bill (CCI-Atlanta)
Cc: fenton(_at_)cisco(_dot_)com; hsantos(_at_)santronics(_dot_)com; ietf-dkim(_at_)mipassoc(_dot_)org
Subject: Re: [ietf-dkim] New Issue: 4.2 needs new Attack Item: Inconsistent Signature vs Policy Attacks

Bill(_dot_)Oxley(_at_)cox(_dot_)com wrote:
If I do not publish any key records and a bad actor whips up an email
purported to be from me with a fake signature attached, a non-DKIM
compliant MTA may have a rule that states "signed messages are probably
okay" that might bypass some spam checking software. Before DKIM is
fully adopted/deployed expect to see this happen,

Unless the attacker also has access to your zone, they won't
be able to insert their key into it, and thus the signature will
never verify. And to have *any* rule that allows bypass of defense
based upon the receipt of a header from outside your control is
extremely dangerous. It would be nothing better than a 
security-through-obscurity backdoor.

                Mike

_______________________________________________
ietf-dkim mailing list
http://dkim.org
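The two rules the thread contrasts, side by side in runnable form. This is an added example, not code from the list or from either poster: the key table and the messages are constructed, and a keyed HMAC stands in for DKIM's RSA signature so it runs on the Python standard library alone (an assumption made for the example only, not how DKIM signs). `naive_policy` is the "signed messages are probably okay" rule Bill describes; `verifier_policy` decides from the result of the receiver's own verification against the key the signing domain publishes, which is the point Mike makes: without a record in the zone, a lookalike header never verifies.

```python
import email
import hashlib
import hmac
from email.message import Message

# Constructed stand-in for the DNS TXT records at <selector>._domainkey.<domain>.
# Real DKIM records carry an RSA public key; here a secret bytes value stands in
# for the key so the example runs without a crypto library. That is an
# assumption for this example only, not how DKIM works.
PUBLISHED_KEYS = {
    ("cox.example", "sel1"): b"constructed-key-for-sel1",
}


def parse_tags(value: str) -> dict:
    """Split a DKIM-Signature value into its tag=value pairs."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, val = part.split("=", 1)
            tags[name.strip()] = "".join(val.split())  # drop folding whitespace
    return tags


def signed_data(msg: Message, headers) -> bytes:
    """Simplified header canonicalization: 'name:value' lines, lowercased names."""
    return "\r\n".join(
        f"{h.lower()}:{(msg.get(h) or '').strip()}" for h in headers
    ).encode()


def sign(msg: Message, domain: str, selector: str, key: bytes,
         headers=("from", "to", "subject")) -> Message:
    """Attach a DKIM-Signature header to msg (simplified tag set)."""
    digest = hmac.new(key, signed_data(msg, headers), hashlib.sha256).hexdigest()
    msg["DKIM-Signature"] = (
        f"v=1; d={domain}; s={selector}; h={':'.join(headers)}; b={digest}"
    )
    return msg


def verify(msg: Message, key_table=PUBLISHED_KEYS) -> str:
    """Verify the signature against the key the signing domain publishes."""
    sig = msg.get("DKIM-Signature")
    if not sig:
        return "none"
    tags = parse_tags(sig)
    key = key_table.get((tags.get("d", "").lower(), tags.get("s", "")))
    if key is None:
        return "permfail"  # no key record in the zone, so nothing can verify
    headers = tags.get("h", "").split(":")
    expected = hmac.new(key, signed_data(msg, headers), hashlib.sha256).hexdigest()
    return "pass" if hmac.compare_digest(expected, tags.get("b", "")) else "fail"


def naive_policy(msg: Message) -> str:
    """The rule Bill describes: a DKIM-Signature header is present, so skip scanning."""
    return "bypass" if msg.get("DKIM-Signature") else "scan"


def verifier_policy(msg: Message, key_table=PUBLISHED_KEYS) -> str:
    """Decide from the result of your own verification, not from header presence."""
    return "bypass" if verify(msg, key_table) == "pass" else "scan"


# Constructed messages. The forged one carries a lookalike header with a made-up
# b= value; the attacker cannot publish a matching key in cox.example's zone.
FORGED_MSG = email.message_from_string(
    "From: bill@cox.example\n"
    "To: ietf-dkim@lists.example\n"
    "Subject: constructed forged message\n"
    "DKIM-Signature: v=1; d=cox.example; s=sel1; h=from:to:subject; b=deadbeef\n"
    "\n"
    "Not really from Bill.\n"
)
LEGIT_MSG = sign(
    email.message_from_string(
        "From: bill@cox.example\n"
        "To: ietf-dkim@lists.example\n"
        "Subject: constructed signed message\n"
        "\n"
        "Really from Bill.\n"
    ),
    "cox.example", "sel1", PUBLISHED_KEYS[("cox.example", "sel1")],
)
UNSIGNED_MSG = email.message_from_string("Subject: constructed plain message\n\nbody\n")

if __name__ == "__main__":
    for label, msg in (("forged", FORGED_MSG), ("legit", LEGIT_MSG)):
        print(label, verify(msg), naive_policy(msg), verifier_policy(msg))
    # Bill's case: no key records published at all, so nothing can verify.
    print("forged, no records:", verify(FORGED_MSG, {}))
```

In a real MTA the decision would read the result the receiver's own verifier recorded (for example in the Authentication-Results header it adds), and inbound Authentication-Results headers that claim the receiver's own authserv-id should be stripped at the border for the same reason Mike gives: any header that arrives from outside your control is attacker-supplied input, not evidence.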
