| ▲ | asimpletune 2 days ago | |||||||
The main failure is that dkim still passed even though the email was modified in important ways. | ||||||||
| ▲ | seszett 2 days ago | parent | next [-] | |||||||
Well there are a few different big failures, from not signing the To: to allowing long arbitrary content in an email sent from a legitimate Google address... But I think Google sites is the most important one because it makes sites look like they are actually Google wherever one comes from, it could be a pop-under loaded by another site or whatever, I think it's a more universal avenue for phishing than just exploiting DKIM. | ||||||||
| ||||||||
| ▲ | aaronmdjones 2 days ago | parent | prev [-] | |||||||
The body of the e-mail was not modified whatsoever. Nor were any of the signed headers of the e-mail, including the Subject, From, and To headers. | ||||||||