ietf-mailsig

DKIM: Does DKIM provide adequate protection from a malicious domain from spoofing a sender's address?

2005-07-19 23:19:05


[Maybe this is not within the scope of DKIM, but I will ask it
 anyway since it may affect how well DKIM is accepted.]

What prevents a malicious domain from spoofing a sender's address?
I.e.  Is there anything in DKIM that (effectively) prevents a malicious
domain from using my personal address, or anyone else's address?

Section 6.6 appears to try to address this, but I am not sure
it is strong enough:

 In order to retain the current semantics and visibility of the From
 header field, verifying mail agents SHOULD take steps to ensure
 that the signing address is prominently visible to the user if it
 is different from the From address. If MUA implementations that
 highlight the signed address are not available, this MAY be done
 by the validating MTA or MDA by rewriting the From address in a
 manner which remains compliant with [RFC2822]

Is SHOULD good enough?  And is rewriting, at least in the given
example, sufficient?

For example, ispoofyou.org creates the appropriate DNS records
containing all required key information for DKIM usage and
sends out a message like the following:

  DKIM-Signature: a=rsa-sha1; s=whatever; d=ispoofyou.org;
        c=simple; q=dns;
        h=Received : From : To : Subject : Date : Message-ID;
        b=dzdVyOfAKCdLXdJOc9G2q8LoXSlEniSbav+yuU4zGeeruD00lszZ
          VoG4ZHRNiYzR;
  Received: from 10.2.3.4-example.com  [10.2.3.4]
        by submitserver.example.com with SUBMISSION;
        Fri, 11 Jul 2003 21:01:54 -0700 (PDT)
  From: Joe User <joe.user@example.com>
  To: Suzie Q <suzie@shopping.example.net>
  Subject: I need your help?
  Date: Fri, 11 Jul 2003 21:00:37 -0700 (PDT)
  Message-ID: <20030712040037.46341.5F8J@example.com>

  ...

Assuming appropriate re-writing is done, the final From would
be:

  "Joe User via <@ispoofyou.org>" <joe.user@example.com>

Is this enough for an end user to determine that Joe User actually
sent the email?

Am I overlooking something?

--ewh

P.S.  If From: is rewritten, should the original From be "saved"
somewhere?


P.P.S.  The

  From: John Q. User <user@example.com>

Example in 6.6 should have "John Q. User" in quotes (due to the period).
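
The mismatch raised in this message, a valid signature whose d= domain has nothing to do with the From address, can be flagged mechanically by a verifier or filter. The Python sketch below is an added example, not part of the original message or of the DKIM draft; the function names, the sample message (constructed from the one in the post, with a placeholder b= value) and the "same domain or parent domain" alignment rule are assumptions, and it does not verify the signature cryptographically.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the message in the post; b= is a placeholder.
SAMPLE = """\
DKIM-Signature: a=rsa-sha1; s=whatever; d=ispoofyou.org;
        c=simple; q=dns;
        h=Received : From : To : Subject : Date : Message-ID;
        b=placeholder;
From: Joe User <joe.user@example.com>
To: Suzie Q <suzie@shopping.example.net>
Subject: I need your help?

...
"""


def parse_tags(value):
    """Split a DKIM-Signature tag list (tag=value; ...) into a dict."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            # Folding whitespace inside tag values is not significant here.
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags


def is_aligned(from_domain, signing_domain):
    """Assumed rule: From domain equals d= or is a subdomain of it."""
    return (from_domain == signing_domain
            or from_domain.endswith("." + signing_domain))


def check_from_alignment(raw_message):
    """Report whether any DKIM-Signature d= domain covers the From domain."""
    msg = message_from_string(raw_message)
    _, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()
    signers = [parse_tags(v).get("d", "").lower()
               for v in msg.get_all("DKIM-Signature", [])]
    aligned = any(d and is_aligned(from_domain, d) for d in signers)
    return {"from_domain": from_domain,
            "signing_domains": signers,
            "aligned": aligned}


if __name__ == "__main__":
    print(check_from_alignment(SAMPLE))
```

A receiver could use the `aligned` result to decide whether to display the signing domain prominently or to treat the From address as unauthenticated.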

