Re: [mailop] (Mis)use of DKIM's length tag and its impact on DMARC and BIMI

2024-05-19 Thread Vsevolod Stakhov via mailop

On 17/05/2024 15:12, Taavi Eomäe via mailop wrote:

Hi!

As part of coordinated disclosure, I am sharing it here as well. In 
short, using the approach described below, attackers can replace the 
entire contents of a letter, in a way the letters still pass DKIM’s 
cryptographic checks. This also means these forged letters can be easily 
replayed to reach their victims. This subverts many of the expectations 
operators have about DKIM signatures, DMARC and BIMI.


Although some of these dangers have been known for a while (some parts 
are even described in the RFC itself), things like the threat landscape, 
our approach and the extent to which this can be abused have changed. In 
our opinion previously suggested and (rarely) implemented mitigations do 
not reduce these risks sufficiently.


We hope that with some cooperation from mail operators improved defense 
measures can be implemented to strengthen DKIM for everyone.



A longer description with images is available here: 
https://www.zone.eu/blog/2024/05/17/bimi-and-dmarc-cant-save-you/




After some thinking, I have decided[1] that Rspamd should reject DKIM 
signatures where the l tag covers less than 90% of the message body. I hope 
this will reduce the potential attack surface.


[1]: https://github.com/rspamd/rspamd/pull/4975
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


Re: [mailop] (Mis)use of DKIM's length tag and its impact on DMARC and BIMI

2024-05-19 Thread Alessandro Vesely via mailop

On Sat 18/May/2024 19:37:44 +0200 Dave Crocker via mailop wrote:

On 5/17/2024 7:12 AM, Taavi Eomäe via mailop wrote:


We hope that with some cooperation from mail operators improved defense 
measures can be implemented to strengthen DKIM for everyone.


As I recall, the original intent was to permit successful use of DKIM in spite 
of mailing lists' addition of footer text.



Ironically, to verify a DKIM signature after MLM transformation is more 
difficult, IME, if the original signature had l= than otherwise.  The reason is 
that using l= implies signing Content-Type:, which is a technical field that 
MLMs /need/ to change, and recovering its original value requires too much 
guesswork.


Best
Ale
--





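The two points raised in this thread, Vsevolod's policy of rejecting signatures whose l= tag covers less than 90% of the body, and Alessandro's observation that an l= signer is expected to sign Content-Type, can be shown together with a small verifier-side check. The code below is an added example written for this page; it is not Rspamd's implementation and not code from either poster. It parses a DKIM-Signature value, canonicalises the body per RFC 6376, confirms that bh= only covers the first l= bytes (so text appended after signing still hashes correctly), and then applies the coverage policy and the Content-Type check. The sample bodies, the d=/s= values and the b= placeholder are constructed; the b= signature over the headers is not verified, and the function and threshold names are this example's own.

```python
import base64
import hashlib
import re
from typing import Optional

# Threshold taken from the Rspamd change discussed in the thread: an l= tag
# covering less than 90% of the canonicalised body is rejected.
MIN_COVERAGE = 0.9


def parse_dkim_tags(header_value: str) -> dict:
    """Split an RFC 6376 tag=value list; folding whitespace inside values is dropped."""
    tags = {}
    for part in header_value.split(";"):
        if "=" not in part:
            continue
        name, value = part.split("=", 1)
        tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags


def canonicalize_body(body: bytes, algorithm: str = "simple") -> bytes:
    """Body canonicalisation per RFC 6376 section 3.4 (simple or relaxed)."""
    lines = body.replace(b"\r\n", b"\n").split(b"\n")
    if algorithm == "relaxed":
        # collapse runs of WSP to one space and strip trailing WSP on each line
        lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" \t") for ln in lines]
    while lines and lines[-1] == b"":
        lines.pop()  # remove trailing empty lines
    if not lines:
        return b"\r\n" if algorithm == "simple" else b""
    return b"".join(ln + b"\r\n" for ln in lines)


def body_hash(canonical_body: bytes, length: Optional[int] = None) -> str:
    """bh= value: SHA-256 over the body, or over its first `length` bytes when l= is set."""
    data = canonical_body if length is None else canonical_body[:length]
    return base64.b64encode(hashlib.sha256(data).digest()).decode()


def evaluate_signature(dkim_header: str, body: bytes) -> dict:
    """Check bh= against the (possibly truncated) body and apply the l= policy.

    The b= signature over the headers is deliberately not verified here; this
    only shows how l= limits what bh= covers and how a verifier can react.
    """
    tags = parse_dkim_tags(dkim_header)
    canon_alg = tags.get("c", "simple/simple")
    body_alg = canon_alg.split("/")[1] if "/" in canon_alg else "simple"
    canon = canonicalize_body(body, body_alg)
    result = {"bh_matches": False, "coverage": 1.0,
              "signs_content_type": True, "verdict": "pass"}

    length = int(tags["l"]) if "l" in tags else None
    if length is not None and length > len(canon):
        # RFC 6376 3.7: an l= larger than the body is a verification failure
        result["verdict"] = "invalid-length"
        return result

    result["bh_matches"] = body_hash(canon, length) == tags.get("bh")
    if not result["bh_matches"]:
        result["verdict"] = "bh-mismatch"
        return result

    if length is not None:
        result["coverage"] = length / len(canon) if canon else 1.0
        signed = [h.lower() for h in tags.get("h", "").split(":")]
        result["signs_content_type"] = "content-type" in signed
        if result["coverage"] < MIN_COVERAGE:
            result["verdict"] = "reject-low-coverage"
        elif not result["signs_content_type"]:
            # RFC 6376 8.2 advises l= signers to include Content-Type in h=
            result["verdict"] = "warn-content-type-unsigned"
    return result


# Constructed sample message bodies (not from the thread)
ORIGINAL_BODY = b"Hello,\r\n\r\nPlease find the invoice attached.\r\n"
APPENDED_BODY = ORIGINAL_BODY + b"\r\nText appended after signing.\r\n"


def build_sample_signature(body: bytes, sign_content_type: bool = True) -> str:
    """Build a DKIM-Signature value whose l= and bh= cover exactly `body`.

    d=, s= and the b= placeholder are made up; b= is never checked above.
    """
    canon = canonicalize_body(body, "relaxed")
    headers = "from:to:subject:date" + (":content-type" if sign_content_type else "")
    return ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=sel;\r\n"
            f"\th={headers};\r\n"
            f"\tl={len(canon)}; bh={body_hash(canon)};\r\n"
            "\tb=PLACEHOLDER")


if __name__ == "__main__":
    sig = build_sample_signature(ORIGINAL_BODY)
    for label, body in (("original", ORIGINAL_BODY), ("appended", APPENDED_BODY)):
        print(label, evaluate_signature(sig, body))
```

Running the script shows the original body passing with coverage 1.0 and the appended body still matching bh= (the hash covers only the first 45 bytes) but being rejected because l= now covers well under 90% of the 77-byte canonical body. The verdict strings are a convenience for this example; a production verifier would feed the same decision into its DKIM/DMARC result rather than returning labels.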