Hello everybody,

Recently this article came to my attention: http://noxxi.de/research/breaking-dkim-on-purpose-and-by-chance.html

It gives a nice overview of some of the vulnerabilities in the DKIM spec. I understand that this is mostly stuff which is in the spec already. However, with regard to the trustworthiness of DMARC, I do think it is good to highlight these in this list as well.

I would like to call out to the ISPs on this list to verify their handling of the headers as described. Furthermore, I wanted to check how we (as a DMARC group) should handle DKIM sigs which cannot be fully trusted. Can we improve this?

Regards,
Michiel
_______________________________________________
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)