The mailauth command can detect these signatures
https://github.com/postalsys/mailauth/blob/master/cli.md

For example

$ mailauth report path-to-email.eml
....
"canonBodyLength": 87122,
"canonBodyLengthTotal": 87563,
"canonBodyLengthLimited": true,
"canonBodyLengthLimit": 87122,
"mimeStructureStart": 87076,
....

This signature uses the l-tag (canonBodyLengthLimited is true). 87122 bytes
of canonicalized body were used for the signature hash (canonBodyLength),
while the actual canonicalized body length was 87563 bytes
(canonBodyLengthTotal) and the first byte of the actual mime tree (the
first byte of the first boundary in the canonicalized body) was at 87076
bytes (mimeStructureStart) which means that only 46 bytes of the mime
structure were covered by the signature and 441 bytes were not signed at
all. So, this message content is most likely forged, and the BIMI logo
should not be displayed even though the signature is "valid".

Best regards,
Andris Reinman

Gellner, Oliver via mailop (<mailop@mailop.org>) wrote on
Fri, 17 May 2024 at 21:42:

>
> > On 17.05.2024 at 16:24 Taavi Eomäe via mailop wrote:
> >
> > Although some of these dangers have been known for a while (some parts
> > are even described in the RFC itself), things like the threat landscape,
> > our approach and the extent to which this can be abused have changed. In
> > our opinion previously suggested and (rarely) implemented mitigations do
> > not reduce these risks sufficiently.
> >
> > We hope that with some cooperation from mail operators improved defense
> > measures can be implemented to strengthen DKIM for everyone.
> >
> >
> > A longer description with images is available here:
> > https://www.zone.eu/blog/2024/05/17/bimi-and-dmarc-cant-save-you/
>
> While it’s not new information that the length attribute of DKIM poses a
> security risk, it’s still worthwhile to draw attention to it every once in
> a while and the usual suspects who keep on using it.
>
> What would be interesting is a list of software that is able to ignore
> DKIM signatures which contain a length attribute and how to configure this
> behavior.
>
> —
> BR Oliver
>
> _______________________________________________
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
>
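Added example, not part of the thread and not mailauth's own code: a minimal Node.js check that canonicalizes a body per RFC 6376, compares it with the l= limit, and reports how much of the body and MIME structure the signature covers. The function names, the `unsignedBytes` and `fullyCovered` fields, and the sample header and body are assumptions constructed for illustration; the other result names mirror the report fields quoted above.

```javascript
// Parse the tag=value list of a DKIM-Signature header value (RFC 6376, 3.2).
function parseDkimTags(value) {
  const tags = {};
  for (const part of value.split(';')) {
    const eq = part.indexOf('=');
    if (eq > 0) tags[part.slice(0, eq).trim()] = part.slice(eq + 1).replace(/\s+/g, '');
  }
  return tags;
}

// Body canonicalization, RFC 6376 3.4.3 (simple) and 3.4.4 (relaxed).
// Assumption: bare LF line endings are normalized to CRLF first.
function canonicalizeBody(body, mode) {
  let text = body.replace(/\r?\n/g, '\r\n');
  if (mode === 'relaxed') {
    // Collapse whitespace runs, then drop whitespace at the end of each line.
    text = text.replace(/[ \t]+/g, ' ').replace(/ \r\n/g, '\r\n').replace(/ $/, '');
  }
  text = text.replace(/(\r\n)+$/, ''); // ignore empty lines at the end of the body
  if (text === '' && mode === 'relaxed') return Buffer.alloc(0);
  return Buffer.from(text + '\r\n', 'latin1');
}

// boundary: the MIME boundary taken from the message's Content-Type header.
function inspectLengthTag(dkimHeaderValue, body, boundary) {
  const tags = parseDkimTags(dkimHeaderValue);
  // c= is "header/body"; a missing body part defaults to simple.
  const mode = (tags.c || 'simple/simple').split('/')[1] || 'simple';
  const canon = canonicalizeBody(body, mode);
  const limited = /^\d+$/.test(tags.l || '');
  // An l= larger than the body makes verification fail; clamp for reporting only.
  const signed = limited ? Math.min(Number(tags.l), canon.length) : canon.length;
  return {
    canonBodyLength: signed,
    canonBodyLengthTotal: canon.length,
    canonBodyLengthLimited: limited,
    mimeStructureStart: canon.indexOf('--' + boundary),
    unsignedBytes: canon.length - signed,
    fullyCovered: signed === canon.length // false: do not treat the body as authenticated
  };
}

// Constructed sample: header and body are made up for this example.
const SAMPLE_HEADER = 'v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=sel; l=16; bh=PLACEHOLDER=; b=PLACEHOLDER=';
const SAMPLE_BODY = 'preamble  \r\n--b1\r\nContent-Type: text/plain\r\n\r\nhello\r\n--b1--\r\n';

console.log(inspectLengthTag(SAMPLE_HEADER, SAMPLE_BODY, 'b1'));
```

In the constructed sample the limit ends 6 bytes into the MIME structure, the same pattern as the 46 covered bytes in the report above.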