Re: [exim] RFC 5532 enforcement

Author: Phil Pennock
Date:  
To: Todd Lyons
CC: exim-users
Subject: Re: [exim] RFC 5532 enforcement
On 2010-10-13 at 08:13 -0700, Todd Lyons wrote:
> In the IETF-DKIM mailing list, it came to light that an attacker could
> send a properly signed email with the attacker's domain, but prepend a
> second From: header that says it's from someone@???, and MUAs
> will show the second From. It doesn't screw up the signature because
> the original From: is what is used to verify the signature. At issue
> is that RFC 5532 requires that an email have only one From: header.
Thanks.

http://bugs.exim.org/show_bug.cgi?id=1030 filed, you shouldn't have had
to do this.

-Phil
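Added example, not part of the thread: a receive-side check for the one-From:-field rule the quoted report relies on (RFC 5322, section 3.6). It parses a constructed message carrying two From: fields and shows that a single-value header lookup only ever sees the first occurrence, which is why a filter has to count occurrences rather than read the header once. The sample messages and addresses are constructed for this example.

```python
import email
from email.utils import parseaddr

# Constructed sample (not a real capture): a message with two From: fields.
# A DKIM signature would cover whichever From: the signer chose; the other
# one is simply an extra header field that RFC 5322 does not permit.
DUPLICATE_FROM_MESSAGE = b"""From: "Someone Trusted" <someone@trusted.example>
From: attacker@attacker.example
To: recipient@recipient.example
Subject: constructed test message
Message-ID: <constructed-1@attacker.example>

body
"""

# Constructed well-formed control message with exactly one From: field.
SINGLE_FROM_MESSAGE = b"""From: attacker@attacker.example
To: recipient@recipient.example
Subject: constructed test message

body
"""


def from_addresses(raw_message: bytes) -> list:
    """Return the address from every From: field, in header order."""
    msg = email.message_from_bytes(raw_message)  # compat32 policy: plain strings
    # get_all() is the important call: msg["From"] would return only the first.
    return [parseaddr(value)[1] for value in msg.get_all("From", [])]


def check_single_from(raw_message: bytes) -> dict:
    """Apply the RFC 5322 rule that a message carries exactly one From: field."""
    addrs = from_addresses(raw_message)
    return {
        "from_count": len(addrs),
        "compliant": len(addrs) == 1,
        "first_seen": addrs[0] if addrs else None,  # what a naive lookup sees
        "all_seen": addrs,
    }


if __name__ == "__main__":
    for raw in (DUPLICATE_FROM_MESSAGE, SINGLE_FROM_MESSAGE):
        print(check_single_from(raw))
```

An MTA-side policy would reject or quarantine on `compliant == False` before any DKIM result is consulted, since a valid signature says nothing about which From: a client will display.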