[ietf-dkim] detecting header mutations after signing
Scott Kitterman
ietf-dkim at kitterman.com
Wed Oct 13 11:47:54 PDT 2010
On Wednesday, October 13, 2010 02:27:29 pm Jeff Macdonald wrote:
> And even if there was a DKIM signature, it is the BAD GUY'S signature,
> which should cause it to go into the SPAM folder, with a large
> phishing warning.
No. That misses the point entirely. The problem here is that one can take a
DKIM signed message that is signed by any entity and add additional
From/Subjects and the message may still appear to be the one signed by the
original entity even though it's been modified post-signature.
Scott K
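
Added example, not part of the original message or of any DKIM implementation: a receiver-side check that flags From/Subject instances not covered by the h= list of a DKIM-Signature, which is the condition the message above describes. A signer can close the gap by listing a header name in h= one more time than it occurs, so that an added copy breaks verification. The function names, sample messages and placeholder signature values are constructed for illustration, and the code does not verify the signature itself.

```python
import email
from collections import Counter

WATCHED = ("from", "subject")  # headers named in the message above

def signed_header_counts(dkim_value):
    """Count how many times each header name appears in the h= tag."""
    tags = {}
    for part in dkim_value.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip()] = "".join(value.split())  # drop folding whitespace
    return Counter(h.lower() for h in tags.get("h", "").split(":") if h)

def unsigned_instances(raw_message):
    """Return {header: n} for watched headers with n instances outside h=.

    Inspects only the first DKIM-Signature and does not verify it.
    """
    msg = email.message_from_string(raw_message)
    sig = msg.get("DKIM-Signature")
    if sig is None:
        return {}
    signed = signed_header_counts(sig)
    findings = {}
    for name in WATCHED:
        extra = len(msg.get_all(name, [])) - signed[name]
        if extra > 0:
            findings[name] = extra
    return findings

# Constructed sample data (placeholder signature values, example domains).
SIG = ("DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel;\n"
       " h={h}; bh=PLACEHOLDER; b=PLACEHOLDER\n")
REST = ("From: Billing <billing@example.com>\nTo: user@example.net\n"
        "Subject: Your invoice\nDate: Wed, 13 Oct 2010 11:00:00 -0700\n\nBody\n")
ADDED = "From: Other <other@example.org>\nSubject: Different subject\n"

ORIGINAL = SIG.format(h="from:to:subject:date") + REST
MODIFIED = ADDED + ORIGINAL
# h= lists From and Subject one extra time, so added copies are covered by
# the hash and verification fails instead of leaving them unsigned.
OVERSIGNED_MODIFIED = ADDED + SIG.format(h="from:from:to:subject:subject:date") + REST

if __name__ == "__main__":
    for label, m in (("original", ORIGINAL), ("modified", MODIFIED),
                     ("oversigned+modified", OVERSIGNED_MODIFIED)):
        print(label, unsigned_instances(m))
```

A non-empty result means the message carries a From or Subject that the signature never covered, so a passing DKIM result says nothing about that header.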