Sebastian Kluth
My friends at the Certified Senders Alliance put on a fantastic (if I do say so myself) webinar this week, where Sebastian Kluth (CSA), Fredrik Poller (Halon) and yours truly (Al Iverson) shared our thoughts and understanding about DKIM Replay Attacks. If you missed it, never fear! I’ve got a recap and recording for you below.

An Overview of DKIM Replay: Email forwarding with malicious intent

A DKIM replay attack involves taking an already sent message and re-injecting it via SMTP to new recipients. Often, lots of recipients. Bad guys exploit a loophole in the design of DKIM authentication: DKIM was meant to allow email forwarding without failing authentication, so signatures are based on the domain, content and headers, without any consideration of which server (or which IP address) transmitted that email message. Authentication is effectively divorced from infrastructure and encased entirely with the email message
Even though I’m no longer with Kickbox, I’m still eager to knowledge share and here’s a great upcoming webinar opportunity! Join us on Tuesday, November 14th, when Sebastian Kluth from the CSA, Fredrik Poller from Halon, and yours truly will have a geeky and fun chat about the pernicious problem of DKIM replay attacks. Should you be worried? Who does this affect most? What CAN you do about them? Is it being seen in the wild? And more. Click here for more information or to register.
Here’s another webinar opportunity that you won’t want to miss! My Kickbox colleague Jennifer Nespola Lantz recently wrote a very detailed breakdown of email headers and how they impact deliverability (the series starts here) and now she’ll be sharing her email header-related expertise in this upcoming session with CSA technical lead Sebastian Kluth. Got a question about email headers? Wondering how that all works? Want to learn about x-headers and what makes them useful? Then this is for you!

Behind the Scenes: A Closer Look at Email Headers for Better Deliverability will take place on Tuesday, March 28th at 10:00 am US central time, and you can register for it here.
Today’s guest post comes from Sebastian Kluth of the Certified Senders Alliance. This is cross-posted from LinkedIn, with his permission. Thanks, Sebastian, for helping encourage us to start thinking about the possibilities for the future evolution of bounces! (And click here to learn more about the Certified Senders Alliance.)

Bounces are a primary KPI and measurement unit in email marketing and email deliverability. A bounce provides delivery status notifications (DSNs – see RFC 3463).

Basically, when we talk about bounces, we are thinking of the following standard definitions:

Hard Bounce: a permanent delivery failure due to an invalid email address or non-existing domain name.

Soft Bounce: a temporary delivery failure due to a full inbox, server downtime, or the message size exceeding limits.

Very straightforward, very top level and very technical. The idea behind sending bounces was to inform the sending MTA about the delivery status to the recipient MTA via SMTP. SMTP status codes were