According to Cyril - ImprovMX via mailop <cy...@improvmx.com>:
>If you send an email hosted by Mailgun and that is redirected, Mailgun will
>add a DKIM header of the managed domain.
>The problem is that if I send an email setting the "From" as the email
>managed by Mailgun, the email will then have a valid DKIM signature, so
>DMARC won't fail.
>
>This allows me to send an email such as "c...@company.com" to
>"emplo...@company.com" with the subject "You are fired."; the email will
>look legit and cause serious trouble inside the company.
>Starting from this, any social engineering attack can be implemented with
>an email that will validate SPF/DKIM/DMARC.
>
>Since then, I moved my domain elsewhere.

Better not move it to Microsoft O365 because they have essentially the
same problem, because all of their domains use the same SPF.

This paper tells how widespread the forgery via forwarding problem is.
(Spoiler: very)

https://arxiv.org/pdf/2302.07287.pdf

R's,
John
-- 
Regards,
John Levine, jo...@taugh.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly
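To make the alignment point in this thread concrete, here is an added worked example (not code from the mailop post, nor from ImprovMX, Mailgun or Microsoft) that simulates a forwarding service's DKIM signing policy and runs a simplified DMARC alignment check over the result. All domains (`company.example`, `forwarder.example`) and the two message objects are constructed for the example; `org_domain` is deliberately simplified to the last two labels rather than using the Public Suffix List, and the `Submission.authenticated_for` field is a hypothetical stand-in for "which domain did the submitting account prove it controls".

```python
"""Why a forwarder signing with its customer's d= makes DMARC pass for forged From.

Added illustration for the mailop thread above; all names are constructed.
"""
import dataclasses
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


def org_domain(domain: str) -> str:
    """Organizational domain, simplified to the last two labels.

    Real DMARC evaluators use the Public Suffix List; this is an assumption
    that is good enough for the constructed domains below.
    """
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(a: str, b: str, strict: bool) -> bool:
    """DMARC identifier alignment: exact match in strict mode, same org domain in relaxed."""
    return a.lower() == b.lower() if strict else org_domain(a) == org_domain(b)


def dmarc_pass(from_domain: str, spf_domain: Optional[str],
               dkim_domains: List[str], strict: bool = False) -> bool:
    """DMARC passes when SPF's authenticated domain or any verified DKIM d= aligns with RFC5322.From.

    Note what is NOT checked: who actually wrote the message. Alignment is
    purely a domain comparison, which is the gap the thread describes.
    """
    if spf_domain and aligned(spf_domain, from_domain, strict):
        return True
    return any(aligned(d, from_domain, strict) for d in dkim_domains)


@dataclass
class Message:
    from_domain: str                      # domain of the RFC5322.From header
    mail_from_domain: str                 # envelope sender after the forwarder rewrites it
    dkim_domains: List[str] = field(default_factory=list)  # verified d= values


@dataclass
class Submission:
    message: Message
    # Hypothetical field: the domain the submitting account proved control of
    # via its credentials, or None for inbound mail that is merely forwarded.
    authenticated_for: Optional[str]


def sign_unconditionally(sub: Submission, managed_domain: str) -> Message:
    """Policy the thread complains about: everything leaving the forwarder gets d=managed_domain."""
    return dataclasses.replace(sub.message,
                               dkim_domains=sub.message.dkim_domains + [managed_domain])


def sign_only_authorized(sub: Submission, managed_domain: str, forwarder_domain: str) -> Message:
    """Hardened policy: sign with the customer's domain only when the submitter
    proved control of it; otherwise sign with the forwarder's own domain, which
    can never align with a customer's From header."""
    if sub.authenticated_for and aligned(sub.authenticated_for, managed_domain, strict=True):
        d = managed_domain
    else:
        d = forwarder_domain
    return dataclasses.replace(sub.message, dkim_domains=sub.message.dkim_domains + [d])


def evaluate_policies() -> Dict[Tuple[str, str], bool]:
    """Run both signing policies over a forged inbound message and a legitimate
    authenticated submission; return DMARC outcome per (policy, case)."""
    managed, forwarder = "company.example", "forwarder.example"
    # Forged: arrives from outside with From: someone@company.example, gets
    # forwarded on; SPF now authenticates only the forwarder's bounce domain.
    forged = Submission(Message(from_domain=managed, mail_from_domain=forwarder),
                        authenticated_for=None)
    # Legitimate: the customer's own account submitted it through the service.
    legit = Submission(Message(from_domain=managed, mail_from_domain=forwarder),
                       authenticated_for=managed)
    policies = {
        "unconditional": lambda s: sign_unconditionally(s, managed),
        "authorized": lambda s: sign_only_authorized(s, managed, forwarder),
    }
    results: Dict[Tuple[str, str], bool] = {}
    for pname, policy in policies.items():
        for case, sub in (("forged", forged), ("legit", legit)):
            msg = policy(sub)
            results[(pname, case)] = dmarc_pass(msg.from_domain, msg.mail_from_domain, msg.dkim_domains)
    return results


if __name__ == "__main__":
    for key, ok in evaluate_policies().items():
        print(f"{key[0]:>14} / {key[1]:<6}: DMARC {'pass' if ok else 'fail'}")
```

The unconditional policy yields a DMARC pass for both messages, including the forged one, because the only thing alignment inspects is that `d=` equals the From domain. The authorized policy keeps the legitimate submission passing and lets the forged one fail, which is the behaviour a receiving domain's `p=reject` policy actually relies on. The relaxed/strict flag also shows why a subdomain `d=` (e.g. `mail.company.example`) still aligns under the default relaxed mode.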
