[Mimedefang] sendmail spf milter plugin for sendmail 8.13.0
WBrown at e1b.org
WBrown at e1b.org
Wed Aug 18 09:17:09 EDT 2004
mimedefang-bounces at lists.roaringpenguin.com wrote on 08/18/2004 08:39:53
AM:
> Furthermore, DomainKeys is trivially defeated with a replay attack.
> Send yourself the spam through the signing server. Now you have a
signed
> spam that you can re-mail far and wide. Of course, you can't mutate it,
> which might increase the effectiveness of DCC and the like, but it still
> means you can't *really* trust a properly-signed message.
But wouldn't this require access to an account on the domain you are going
to claim the email is from?
If I want a message signed by Citibank, I would need access to send a
message from their server. I don't have that and I'll bet most
spammers/phishers don't either.
More information about the MIMEDefang
mailing list