I’ve been helping with development on an email auto-responder at bridges.torproject.org/
We would like to avoid the scenario of someone spoofing mail from Yahoo and GMail, causing us to send unwanted email to users and potentially blacklisting our server. We are currently using dkimproxy and it works well, but I am wondering about spoofed signatures.
For example, suppose someone who controls evildomain.com creates a signature for a mail purporting to be from gmail.com:
From: example @gmail.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=evildomain.com; s=dkim;
h=received:received:message-id:date:from:sender:to:subject:mime-version:content-type;
bh=bsaOamRrkRbQ+4yvELsh+GD+zFbIefyVSPNumg8nxo8=;
This signature should pass verification, since they public key is controlled by evildomain.com, even though it’s for another domain. The author policy might not permit this, but it appears that dkimproxy only uses the policy for deciding whether or not to reject the mail.
The way we are using dkimproxy is to inspect the X-DKIM-Authentication-Results header to decide whether to respond to the email, so will not catch this attack. I’ve attached a patch which adds a X-DKIM-Authentication-Domain header, containing the domain name used to retrieve the signature.
With this header, it is possible to confirm that both the signature was correct and the public key came from the same domain name we are
about to send to.
Can anyone see any problems with this approach, or suggest a better way to archive our goals?