Hi All,
I'm not sure if you noticed, but it seems many clients are affected by
'mailsploit':
https://www.mailsploit.com/index
Basically the attacker uses special characters inside encoded words to
spoof the sender:
From: =?utf-8?b?cG90dXNAd2hpdGVob3VzZS5nb3Y=?==?utf-8?Q?=00?==?utf-8?b?cG90dXNAd2hpdGVob3VzZS5nb3Y=?=@mailsploit.com
Such a header, naively (and incorrectly) decoded, is:
potus@whitehouse.gov\0potus@whitehouse.gov@mailsploit.com
Although it's not a direct attack on DKIM, if DKIM is implemented properly
and email address decoding and displaying isn't, users might be fooled.
Of course encoded words are not allowed inside email addresses (the address,
not the display name),
but it seems many clients try to decode them.
What are your thoughts?
--
Best regards,
Pawel Lesnikowski
https://www.limilabs.com
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
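As an added illustration (not part of the original post, and not Limilabs code), the following Python checker shows both sides of the problem: `naive_decode` reproduces what a client that decodes encoded words everywhere would display for the header quoted above, and `audit_from_header` applies the defensive policy the post implies (encoded words only in the display name, never decoding to control characters or to an '@'). It assumes the From: value is either a bare addr-spec or `Name <addr-spec>`, and uses its own regex rather than a full RFC 5322 parser.

```python
import base64
import quopri
import re

# RFC 2047 encoded-word: =?charset?encoding?encoded-text?=
ENCODED_WORD = re.compile(r"=\?([^?\s]+)\?([bBqQ])\?([^?\s]*)\?=")

# The From: value from the mailsploit.com example quoted in the post, on one line.
MAILSPLOIT_FROM = (
    "=?utf-8?b?cG90dXNAd2hpdGVob3VzZS5nb3Y=?="
    "=?utf-8?Q?=00?="
    "=?utf-8?b?cG90dXNAd2hpdGVob3VzZS5nb3Y=?=@mailsploit.com"
)

def decode_encoded_word(charset, encoding, text):
    """Decode one encoded-word; bad bytes or charsets degrade, never raise."""
    if encoding.lower() == "b":
        raw = base64.b64decode(text + "=" * (-len(text) % 4))
    else:  # Q encoding: quoted-printable where '_' stands for a space
        raw = quopri.decodestring(text.encode("ascii", "replace"), header=True)
    try:
        return raw.decode(charset, errors="replace")
    except LookupError:  # unknown charset label: fall back instead of crashing
        return raw.decode("latin-1")

def naive_decode(header_value):
    """What a client that decodes encoded-words anywhere, even in the address, shows."""
    return ENCODED_WORD.sub(lambda m: decode_encoded_word(*m.groups()), header_value)

def split_address(header_value):
    """Split 'Name <addr-spec>' or a bare 'addr-spec' without decoding anything."""
    m = re.fullmatch(r"\s*(.*?)\s*<([^<>]*)>\s*", header_value)
    return (m.group(1), m.group(2)) if m else ("", header_value.strip())

def audit_from_header(header_value):
    """Findings for a raw From: value. Policy: encoded-words belong only in the
    display name and must never decode to control characters or to an '@'."""
    findings = set()
    _name, addr_spec = split_address(header_value)
    if ENCODED_WORD.search(addr_spec):
        findings.add("encoded-word inside addr-spec (RFC 2047 forbids this)")
    for m in ENCODED_WORD.finditer(header_value):
        decoded = decode_encoded_word(*m.groups())
        if any(ord(c) < 0x20 or ord(c) == 0x7F for c in decoded):
            findings.add("encoded-word decodes to a control character (e.g. NUL)")
        if "@" in decoded and m.group(0) in addr_spec:
            findings.add("encoded-word in addr-spec decodes to text containing '@'")
    return sorted(findings)
```

A client that stores the decoded value as a C string stops at the NUL, which is why `naive_decode(MAILSPLOIT_FROM).split("\x00")[0]` is exactly the spoofed address; the audit flags all three problems before any decoding reaches the display layer.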