Top Deliverability’s Blog
Spam Resource: DKIM replay attacks and what to do about them
- December 14, 2022
- Posted by: Top Deliverability
- Category: Industry News Spam Resource
Al Iverson just issued another interesting post on Spam Resource:
DKIM replay attacks are one of the new big things lately, and they work like this: Take a DKIM signed email message, and re-send it to a billion other people. Maybe add another header (or change the subject, if the signature doesn’t cover the subject), or maybe change nothing. Just take that message and randomly spam a million people. The mail will pass DKIM authentication checks, as long as it is sufficiently unchanged, and thus it authenticates as if it were a legitimate email message. Even if you weren’t the original intended recipient. Even if it was sent only to one person but then resent to a million other people, just to annoy them. That’s not a good thing — it can damage a sender’s domain reputation, because people unhappy about that unwanted mail will report it as spam, and spam reporting processing mechanisms will tie it back to the
Continued here: DKIM replay attacks and what to do about them
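The excerpt notes that a replayed message can gain an extra header, or a changed subject when the signature does not cover it. The following Python check is an added example, not code from the original post: it audits which headers a message's DKIM-Signature `h=` tag covers, whether each is oversigned (listed in `h=` more times than it occurs, which under RFC 6376 makes an added copy break verification), and whether an `x=` expiration is set. The sample message, its domains and the function names are constructed for illustration.

```python
import email
from collections import Counter

# Constructed sample message; bh= and b= are placeholders, not real signature data.
SAMPLE = """\
DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel1;
 h=From:Date:Message-ID; bh=PLACEHOLDER; b=PLACEHOLDER
From: news@example.com
To: one.person@example.net
Subject: Your receipt
Date: Wed, 14 Dec 2022 10:00:00 +0000
Message-ID: <1@example.com>

Body
"""

# Headers a sender normally wants protected against change or addition.
WATCHED = ("from", "to", "cc", "subject", "date", "message-id")

def parse_tags(sig_value):
    """Split a DKIM-Signature value into its tag=value pairs."""
    tags = {}
    for part in sig_value.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = "".join(value.split())  # drop folding whitespace
    return tags

def audit_coverage(raw_message):
    """Report, per watched header, how the first DKIM signature covers it."""
    msg = email.message_from_string(raw_message)
    tags = parse_tags(msg["DKIM-Signature"])
    signed = Counter(h.lower() for h in tags.get("h", "").split(":") if h)
    report = {}
    for name in WATCHED:
        present = len(msg.get_all(name, []))
        if signed[name] == 0:
            report[name] = "unsigned"    # can be changed or added unnoticed
        elif signed[name] > present:
            report[name] = "oversigned"  # an added copy breaks the signature
        else:
            report[name] = "signed"      # existing copy covered, extra copy is not
    report["expires"] = "x" in tags      # x= limits how long the signature stays valid
    return report

if __name__ == "__main__":
    for item, status in audit_coverage(SAMPLE).items():
        print(item, status)
```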