18 attacks on SPF/DKIM/DMARC published in "Composition Kills" paper

Open raforg opened this issue 4 years ago • 1 comments

Apologies if this has already been addressed, but a paper in last year's USENIX Security Symposium details 18 practical attacks against Email Sender Authentication. It's brutal. For details, see:

https://www.usenix.org/sites/default/files/composition-kills.pdf
https://www.usenix.org/system/files/sec20fall_chen-jianjun_prepub_0.pdf
https://www.usenix.org/conference/usenixsecurity20/presentation/chen-jianjun

Any changes to OpenDKIM that could address any of these would be awesome.

raforg avatar Oct 05 '21 07:10 raforg

Also see cross-post at https://github.com/trusteddomainproject/OpenDMARC/issues/191

glts avatar Jan 03 '22 16:01 glts

I don't think there are any issues mentioned in either that paper that affect specifically OpenDKIM -- in fact, the issues called out OpenDMARC with every other DKIM software, but never our own. A security community that doesn't miss a chance to issue a CVE against us (like one for the tests/ directory, seriously) hasn't pointed something out here.

thegushi avatar Jan 06 '23 02:01 thegushi