At 23:19 19-07-2005, Earl Hood wrote:
What prevents a malicious domain from spoofing a sender's address?
I.e. Is there anything in DKIM that (effectively) prevents a malicious
domain from using my personal address, or any one elses address?
The receiver's domain determines what action to take if the email
fails verification. If the published sender's DKIM policy states
that all email is signed, such spoofs can be caught.
Section 6.6 appears to try to address this, but I am not sure
it is strong enough:
In order to retain the current semantics and visibility of the From
header field, verifying mail agents SHOULD take steps to ensure
that the signing address is prominently visible to the user if it
is different from the From address. If MUA implementations that
highlight the signed address are not available, this MAY be done
by the validating MTA or MDA by rewriting the From address in a
manner which remains compliant with [RFC2822]
Is SHOULD good enough? And is rewriting, at least in the given
example, sufficient.
For example, ispoofyou.org creates the appropriate DNS records
containing all require key information for DKIM usage and
sends out a message like the following:
DKIM-Signature: a=rsa-sha1; s=whatever; d=ispoofyou.org;
c=simple; q=dns;
h=Received : From : To : Subject : Date : Message-ID;
b=dzdVyOfAKCdLXdJOc9G2q8LoXSlEniSbav+yuU4zGeeruD00lszZ
VoG4ZHRNiYzR;
Received: from 10.2.3.4-example.com [10.2.3.4]
by submitserver.example.com with SUBMISSION;
Fri, 11 Jul 2003 21:01:54 -0700 (PDT)
From: Joe User <joe(_dot_)user(_at_)example(_dot_)com>
To: Suzie Q <suzie(_at_)shopping(_dot_)example(_dot_)net>
Subject: I need your help?
Date: Fri, 11 Jul 2003 21:00:37 -0700 (PDT)
Message-ID: <20030712040037(_dot_)46341(_dot_)5F8J(_at_)example(_dot_)com>
...
Assuming appropriate re-writing is done, the final From would
be:
"Joe User via <@ispoofyou.org>" <joe(_dot_)user(_at_)example(_dot_)com>
Is this enough for an end user to determine that Joe User actually
sent the email?
No, it isn't enough for Joe User. :) The MUA could display a
prominent alert in such a case.
Regards,
-sm