Posts and articles covering email deliverability, marketing, operations, and infrastructure. RSS feed is available here. All content is written by and copyrighted to Ken O’Driscoll unless otherwise stated. Please reach out for licensing and syndication queries.
DKIM Replay
I mentioned in a previous post that DKIM and SPF have known vulnerabilities. The main weakness with DKIM is that you can replay the messages. By design DKIM signed messages are replay-able meaning that under certain conditions you can send a DKIM signed message from A to B then B can replay the unmodified messages to C (or any number of recipients) and the signature will still validate. This works because DKIM does not sign the return-path message header or concern itself with message delivery at all. After all DKIM was always about content signing. ...