fredrik
My friends at the Certified Senders Alliance put on a fantastic (if I do say so myself) webinar this week, where Sebastian Kluth (CSA), Fredrik Poller (Halon) and yours truly (Al Iverson) shared our thoughts and understanding about DKIM Replay Attacks. If you missed it, never fear! I’ve got a recap and recording for you below. An Overview of DKIM Replay: Email forwarding with malicious intent A DKIM replay attack involves taking an already sent message and re-injecting it via SMTP to new recipients. Often, lots of recipients. Bad guys utilize a loophole in the concept of DKIM authentication in that DKIM was meant to allow for email forwarding without failing authentication, so authentication signatures are based on the domain, content and headers, without any consideration for what server (or what IP address) transmitted that email message. Authentication is effectively divorced from infrastructure and encased entirely with the email message