Sv: Why do so many dovecot list mails fail dmarc?
Sebastian
sebastian at sebbe.eu
Sat Aug 14 21:50:06 EEST 2021
>>Reply-to and From are both listed twice
This is called "oversigning" and means that a null variant of Reply-To: and From: is signed too,
preventing the addition of further Reply-To: and From: headers.
This is particularly important for headers that are permitted to appear in an email multiple times, as an
attacker could add headers to a signed mail without failing the signature if the headers are not
"oversigned".

With oversigning (header listed twice):

Signed:
    Reply-To: me at somebody.com
In email:
    Reply-To: me at somebody.com
    Reply-To: attacker at suspicious.com
Would fail signature.

Without oversigning (header only listed once):

Signed:
    Reply-To: me at somebody.com
In email:
    Reply-To: me at somebody.com
    Reply-To: attacker at suspicious.com
Would pass signature.
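
A simplified model of how a DKIM verifier selects the headers listed in h= (RFC 6376, section 5.4), added here as an illustration and not part of the original message. It models only the header hash, with a SHA-256 digest standing in for the signature; the addresses, header lists and function names are constructed for the example.

```python
import hashlib

def select_headers(headers, h_tag):
    """Pick the header instances covered by h=, as DKIM does: each name in
    h= consumes the bottom-most unused instance, or a null string if none
    is left (that null entry is what oversigning adds)."""
    remaining = {}
    for name, value in headers:               # headers listed top to bottom
        remaining.setdefault(name.lower(), []).append(value)
    selected = []
    for name in h_tag:
        instances = remaining.get(name.lower(), [])
        if instances:
            value = " ".join(instances.pop().split())   # simplified "relaxed" form
            selected.append(f"{name.lower()}:{value}\r\n")
        else:
            selected.append("")               # header absent: null string
    return selected

def header_hash(headers, h_tag):
    # Stand-in for the signature: a digest over the selected headers only.
    return hashlib.sha256("".join(select_headers(headers, h_tag)).encode()).hexdigest()

def verifies(signed_hash, received_headers, h_tag):
    return header_hash(received_headers, h_tag) == signed_hash

# Constructed sample message (addresses are placeholders).
ORIGINAL = [("From", "me@somebody.example"),
            ("Reply-To", "me@somebody.example"),
            ("Subject", "hello")]
# The same message with a second Reply-To added above the signed one.
MODIFIED = [("Reply-To", "other@elsewhere.example")] + ORIGINAL

H_ONCE = ["from", "reply-to", "subject"]
H_OVERSIGNED = ["from", "from", "reply-to", "reply-to", "subject"]

def results():
    # For each h= list: (original verifies, modified verifies).
    out = {}
    for label, h in (("once", H_ONCE), ("oversigned", H_OVERSIGNED)):
        signed = header_hash(ORIGINAL, h)
        out[label] = (verifies(signed, ORIGINAL, h), verifies(signed, MODIFIED, h))
    return out

if __name__ == "__main__":
    for label, (orig_ok, mod_ok) in results().items():
        print(f"{label:10} original={orig_ok} modified={mod_ok}")
```

When checking a signer's configuration, the thing to look for is each single-instance header name (From, Reply-To, Subject and so on) appearing in h= one more time than it appears in the message.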