[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: DKIM: Does DKIM provide adequate protection from a malicious domain from spoofing a sender's address?
On July 20, 2005 at 13:31, Michael Thomas wrote:
> >What prevents a malicious domain from spoofing a sender's address?
> >I.e. Is there anything in DKIM that (effectively) prevents a malicious
> >domain from using my personal address, or any one elses address?
> This was -- and continues to be -- the subject of much debate. The
> was to have the mechanics for binding the dkim address (eg i=) to outside
> addresses (eg From) addressed in the signing policy draft. Due to time
> the text that was in DKIM base did not make it into ssp, but it should
> go back in the next rev.
Okay. I'll review the next rev when it comes out.
Scanning the sender signing policy draft, I'm still not sure if
it will cover my concerns. I still think what I suggested
DKIM is modified to handle better when the From: is different from
the signed address. Validators may be REQUIRED to replace From:
with the signed address, or consider such messages in error.
Since DKIM does not support the signed address from being in a
different domain from the signer's domain, then, maybe, different
domain From addresses should not be allowed.
And/or, the use of something like DKIM-From.
This avoids the reliance of each individual person on the Net to
establish a sender signing policy. I think spoofing attacks should
be addressed without relying on sender signing policies.
> I think that the longer term answer with resigners (eg, mailing lists)
> is that
> they want to preserve the original DKIM signature bound to the From
> address as well as resign it themselves.
Why? I'm not sure there is any real value for list to preserve
the original signature.