Prevent email spoofing #8

Open
RoyTakanen opened this issue May 25, 2022 · 1 comment
@RoyTakanen
Member

People can send emails to koirameili from any domain because there are no DKIM checks in place. The user should be warned if the DKIM signature does not match or does not exist when the domain has one configured.

DKIM:

Adds a digital signature to every outgoing message, which lets receiving servers verify the message actually came from your organization

Proof:

root@reformist0refract:~# telnet teapot.testausserveri.fi 25
Trying 152.67.70.55...
Connected to teapot.testausserveri.fi.
Escape character is '^]'.
220 12f1b26b3cc8 ESMTP
HELO 185.150.18.211
250 12f1b26b3cc8 Nice to meet you, [185.150.18.211]
MAIL FROM: <masterminds@testausserveri.fi>
250 Accepted
RCPT TO: <erikoisjaakari@koira.testausserveri.fi>
250 Accepted
DATA
354 End data with <CR><LF>.<CR><LF>
From: masterminds@testausserveri.fi
To: erikoisjaakari@koira.testausserveri.fi
Subject: lähettäjä spoofattu

Katso viestin lähettäjä.

.
250 OK: message queued

@ahnl
Member

ahnl commented May 25, 2022

Thank you for this issue.

If anyone can figure out how to implement a DKIM check in this, feel free to suggest or make a PR.
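One way the check requested in this thread could look, as an added example that is not part of the issue and not koirameili's code: a minimal DKIM verifier using only Node's built-in `crypto`, returning a verdict the UI can turn into a warning. Assumptions: `getKey` is a hypothetical stand-in for the DNS key lookup, only `rsa-sha256` with `relaxed/relaxed` canonicalization and the first `DKIM-Signature` header are handled, and tags such as `x=` and `l=` are ignored.

```javascript
const crypto = require('crypto');
// Parse a "k=v; k=v" tag list (DKIM-Signature value, RFC 6376 section 3.2).
const parseTags = (v) => Object.fromEntries(v.split(';').filter((p) => p.includes('='))
  .map((p) => [p.slice(0, p.indexOf('=')).trim(), p.slice(p.indexOf('=') + 1).trim()]));
// "relaxed" canonicalization: lowercase name, unfold, collapse whitespace.
const relaxHeader = (name, value) =>
  `${name.trim().toLowerCase()}:${value.replace(/\r\n/g, '').replace(/[ \t]+/g, ' ').trim()}`;
const relaxBody = (body) => {
  const lines = body.split('\r\n').map((l) => l.replace(/[ \t]+/g, ' ').replace(/ $/, ''));
  while (lines.length && lines[lines.length - 1] === '') lines.pop();
  return lines.map((l) => l + '\r\n').join('');
};
// Split a raw message (CRLF line endings) into header fields and body.
function parseMessage(raw) {
  const cut = raw.indexOf('\r\n\r\n'), head = cut < 0 ? raw : raw.slice(0, cut);
  const headers = head.split(/\r\n(?![ \t])/).filter(Boolean).map((h) => (
    { name: h.slice(0, h.indexOf(':')), value: h.slice(h.indexOf(':') + 1) }));
  return { headers, body: cut < 0 ? '' : raw.slice(cut + 4) };
}

// Returns 'none' | 'unsupported' | 'fail' | 'misaligned' | 'pass'. getKey(selector, domain) is a
// hypothetical stand-in for the DNS TXT lookup of <selector>._domainkey.<domain> (key or null).
function checkDkim(raw, getKey) {
  const { headers, body } = parseMessage(raw);
  const find = (n) => headers.filter((h) => h.name.trim().toLowerCase() === n);
  const sig = find('dkim-signature')[0];
  if (!sig) return 'none';
  const t = parseTags(sig.value.replace(/\r\n/g, ''));
  if (t.a !== 'rsa-sha256' || t.c !== 'relaxed/relaxed') return 'unsupported';
  if (!(t.d && t.s && t.h && t.bh && t.b)) return 'fail';
  const bh = crypto.createHash('sha256').update(relaxBody(body)).digest('base64');
  const key = getKey(t.s, t.d);
  if (!key || bh !== t.bh.replace(/\s/g, '')) return 'fail';
  // Each name in h= consumes one instance of that header, bottom-up.
  const pool = {};
  const signed = t.h.split(':').map((n) => n.trim().toLowerCase()).map((n) => {
    const h = (pool[n] = pool[n] || find(n)).pop();
    return h ? relaxHeader(h.name, h.value) + '\r\n' : '';
  }).join('') + relaxHeader(sig.name, sig.value.replace(/(^|[;\s])b=[^;]*/, '$1b='));
  const sigBytes = Buffer.from(t.b.replace(/\s/g, ''), 'base64');
  if (!crypto.verify('sha256', Buffer.from(signed), key, sigBytes)) return 'fail';
  // The signing domain (d=) must cover the From: domain the user actually sees.
  const m = (find('from')[0] || { value: '' }).value.match(/@([^>\s]+)/);
  const from = m ? m[1].toLowerCase() : '', d = t.d.toLowerCase();
  return from === d || from.endsWith('.' + d) ? 'pass' : 'misaligned';
}
// Constructed sample: the unsigned message from the SMTP session in the issue ('none').
const SPOOFED = 'From: masterminds@testausserveri.fi\r\nTo: erikoisjaakari@koira.testausserveri.fi\r\n' +
  'Subject: lähettäjä spoofattu\r\n\r\nKatso viestin lähettäjä.\r\n';
```

Any verdict other than `pass` is a candidate for the warning. Whether a domain is expected to sign at all cannot be learned from the message itself, so that part of the request needs a separate policy input.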
