DKIM: You're Doing It Wrong

Presented at HOPE Number Nine (2012), July 14, 2012, 10 p.m. (60 minutes).

DomainKeys Identified Mail (DKIM) is the most effective, widely deployed email forgery countermeasure available today... if implemented correctly. Many of the world’s largest and most trusted companies, including some of those driving the standard, have fatally flawed deployments. When the first standard for SMTP was published in 1982, the Internet was a much smaller and safer place. Ever since the first spammers, we’ve been trying to fix email with various hacks such as callout verification, forward confirmed reverse DNS, PGP, S/MIME, SPF, Sender ID, DomainKeys, DKIM, and an ever-changing collection of filters. All of them have serious flaws. This talk will cover several common mistakes made when deploying DKIM and how they can be exploited to achieve the holy grail of email forgery.


Presenters:

  • Quincy Robertson
    Quincy Robertson is an information security researcher from the San Francisco Bay Area with a background in networking and Linux system administration. His first foray into hacking was reverse engineering video game save files back in the DOS era.

Links:

Similar Presentations: