DKIM Replay

I mentioned in a previous post that DKIM and SPF have known vulnerabilities. The main weakness with DKIM is that you can replay the messages. By design DKIM signed messages are replay-able meaning that under certain conditions you can send a DKIM signed message from A to B then B can replay the unmodified messages to C (or any number of recipients) and the signature will still validate. This works because DKIM does not sign the return-path message header or concern itself with message delivery at all. After all DKIM was always about content signing. ...

July 5, 2026 · 2 min · Ken O'Driscoll

New Sender Requirements 2024

2024 Update: Gmail and Yahoo! Change Their Sending Requirements Last updated: 10 August 2024 Refer to Chapter 8 (Sender Reputation) and Chapter 11 (Email Authentication) of Email Deliverability Explained (2nd edition) for background information on topics discussed in this post. Back in October 2023 Google and Yahoo! simultaneously announced that they would begin enforcing new requirements for bulk senders from February 2024 onwards. By June 2024 all of the new requirements are officially being enforced. ...

August 10, 2024 · 9 min · Ken O'Driscoll