Questions tagged [dkim]

DomainKeys Identified Mail (DKIM) is an email authentication method designed to detect email spoofing by allowing the receiving party to verify with the sending party that the email actually originates from their domain.

65 questions
37
votes
2 answers

How did this paypal spoof email pass SPF, DKIM and DMARC

This mail that got through has me stumped. It appeared to me as being from PayPal in my Inbox. I happened to look at the original and it says SPF, DKIM and DMARC all passed. If I'm reading this right, 74.112.67.243…
ianw
  • 401
  • 1
  • 2
  • 6
8
votes
2 answers

How did a phishing email pass SPF, DKIM and DMARC?

A friend received a spoofed email (from Bank of America using an uber.com address) which was correctly identified as 'spam' by Gmail. However, looking at the raw message it seems to have passed SPF, DKIM and DMARC checks. 1) How did a spam email…
Islay
  • 593
  • 1
  • 4
  • 9
8
votes
1 answer

How to create email that will fool DKIM verifier?

Sammy the sender is sending email to Rita the recipient. I know Sammy will apply a DKIM signature to the email and Rita is going to check the DKIM signature with a DKIM validator. I am a malicious man-in-the-middle. I want to modify the email so…
D.W.
  • 98,420
  • 30
  • 267
  • 572
7
votes
3 answers

Why does DKIM verification succeed with a signature from Yahoo when all headers are spoofed to look like GMail?

Today I got a scam e-mail which I decided to disect. I quickly found that it was sent from a GMail address (From, Reply-To, Return-Path) but that the mail itself came from Yahoo. HELO from Yahoo Received from IP maps both forward and reverse Mail…
jornane
  • 415
  • 2
  • 14
7
votes
2 answers

Finding DKIM selectors without mailing

Is there any way to find out what selectors are used by a domain in their DKIM record without access to an e-mail send from that domain? So to clarify, let's say I know example.com has DKIM implemented. I cannot receive an e-mail from example.com as…
Wealot
  • 879
  • 2
  • 12
  • 25
6
votes
1 answer

Why is still so easy to send phishing emails?

When I first started playing around with how SMTP worked over 20 years ago, I remember being somewhat surprised how easy it was to make an email appear in someone else's mailbox that looked like it came from anyone at all. These days, SMTP servers…
5
votes
1 answer

Why set up DMARC for SPF if it's already set up for DKIM?

I have SPF and DKIM. I'm planning on adding DMARC to tell receivers to expect SPF and/or DKIM. I've read that it's best to set DMARC up with both SPF and DKIM, but I don't understand exactly when having it for both would be better than having it…
Qaz
  • 185
  • 6
5
votes
2 answers

How can I prevent email spoofing from my domain?

I recently registered a domain name, and set up an email account tied to it with Zoho mail. I'm concerned about making sure all emails from this domain are signed to prevent spoofing. I've enabled SPF and DKIM on Zoho and my domain, but is this…
Myridium
  • 156
  • 1
  • 8
4
votes
3 answers

Why is DMARC failing when SPF and DKIM are passing?

I've seen this question asked before, but unfortunately, don't understand the responses. I think its something to do with "from" headers being defined differently by different standards. I've added all the domains in the "from" to SPF records, but…
4
votes
2 answers

Email verification by sending mail instead of receiving

I have an app whose main purpose is to help people track emails they send. In most user onboarding, The user is sent a secret URL via email. They validate by clicking a link to return the secret. An alternative would be to create a mailto: link…
Michael Cole
  • 288
  • 1
  • 8
4
votes
3 answers

Security of SPF vs SPF and DKIM in email

I am looking for an email provider that I will use with custom domain, one provider is cheaper but has only SPF while the other is more expensive but uses both SPF and DKIM and I'm not sure if paying more is worth it if the other factors are…
user139275
  • 41
  • 1
  • 1
  • 2
3
votes
2 answers

What is the point of having SPF and DKIM set up, but having DMARC with policy=none?

Under this FAQ it says that using policy=none is a way for domain owners to monitor forged emails, without having to set up SPF/DKIM. But what im wondering, because i dont fully understand what SPF/DKIM itself does, is: What is the point of having…
Flying Thunder
  • 267
  • 1
  • 2
  • 6
3
votes
1 answer

Does gmail still ignore DKIM if SPF passes, DMARC style?

This blog post from 2016 shockingly implies that gmail will accept an email if either SPF or DKIM passes. We use G suite SMTP servers, therefore SPF provides almost zero protection from spoofing. Is this still the case? Since DMARC only needs one…
Morrison
  • 33
  • 3
3
votes
2 answers

Does DKIM protect the whole body message?

From RFC6376 #page-29, it says: In hash step 1, the Signer/Verifier MUST hash the message body, canonicalized using the body canonicalization algorithm specified in the "c=" tag and then truncated to the length specified in the "l=" tag. From…
Rick
  • 1,027
  • 1
  • 8
  • 21
3
votes
2 answers

What is the reason for DMARC spec to not require specifically SPF or DKIM pass?

DMARC produces "pass" result if and only if at least one of SPF and DKIM checks pass. It has been noted that DKIM provides stronger protection of the two (if implemented properly). But, in order to require namely DKIM passing by a DMARC policy, one…
1
2 3 4 5