On 17/7/22 10:37, Ansgar wrote:
On Sun, 2022-07-17 at 10:29 +0200, Dominik George wrote:tl;dr: DKIM-signed mail is verifiable, but only the headers; the body can be tampered with;This is just wrong. There is no reason to sign mails to ensure authenticity if one can just change the body...
The goal of this isn't to provided end to end authentication. It's to hold the domain in From: address accountable for the content the message. Without DKIM the From: address can be easily forged, and any spammer can impersonate the From: address.
Despite what Dominick says the body is always included in the DKIM signature. In fact the just about everything in the email can be covered by the signature. In an ideal world you would cover everything, but in our world relaying SMTP servers regularly append stuff to bodies and mangle with headers (eg, spamassassin will shove stuff into the Subject:), and that breaks the signature. DKIM "solved" this by allowing the sender to specify what headers in the message the signature covers. You also get to specify a body length, so all characters after that length are ignored, thus "solving" the append problem.
rfc6376 does supply a recommended list of what to include in signature, but perhaps takes compatibility too far by allowing everything to be optional, bar the From: field. No receiver would accept purely the From: field signed as that makes replay attacks trivial, so each receiver sets its own standards. And yes, that's messy.
But in practice, what has to be signed to make it impractical for spammers to use existing signatures in replay attacks isn't much. The From:, Date:, To:, Cc: is enough. The fact that most email clients order your inbox by date means the Date: field will ensure an existing signature is only good for a few days before the spam appears too far down to be noticed. So it all works out for it's intended purpose.
It's intended purpose isn't to replace gpg signed emails. It can't really, as it's not signed by the sender, it's signed by the domain. That means a ISP can forge a signature from anybody using them. That doesn't matter for DKIM, as it's intended purpose is to hold the ISP accountable for spam sent from it's domain. That assumption is the ISP will police it's users.
Nonetheless, I personally use it as a form of authentication. My wife once fell for a PayPal phishing attack that cost us well over $1,000 from memory. The curious thing is phishing the email had a valid DKIM signature from paypal.com. I contacted them immediately and a full refund happened very quickly. I'm pretty sure the refund would have happened anyway, but it was nice to have the DKIM signature on my side.
Attachment:
OpenPGP_0xF5231C62E7843A8C.asc
Description: OpenPGP public key
Attachment:
OpenPGP_signature
Description: OpenPGP digital signature