seszett 2 days ago

Well, there are a few different big failures, from not signing the To: to allowing long arbitrary content in an email sent from a legitimate Google address...

But I think Google Sites is the most important one because it makes sites look like they are actually Google wherever one comes from; it could be a pop-under loaded by another site or whatever. I think it's a more universal avenue for phishing than just exploiting DKIM.

aaronmdjones 2 days ago

The To header was included in the DKIM signature. The reproduction section of the article shows the result of final delivery to the victim, which shows the original To header. If that were removed, it would invalidate the signature.
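A check for the point discussed in this thread, as an added example that is not part of the thread or the article: it reads the `h=` tag of a message's DKIM-Signature to see whether To is covered, and flags a delivery recipient that appears in neither the To nor the Cc header. The sample message is constructed, the use of a `Delivered-To` header to learn the delivery recipient is an assumption about the receiving system, and the code does not verify the signature cryptographically.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed sample (not from the article); addresses and signature values are placeholders.
SAMPLE = """\
Delivered-To: victim@example.net
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=sel1;
 h=to:from:subject:date:message-id; bh=PLACEHOLDER=; b=PLACEHOLDER=
From: Alerts <no-reply@example.com>
To: original-recipient@example.org
Subject: Security alert
Date: Mon, 01 Jan 2024 00:00:00 +0000
Message-ID: <constructed-1@example.com>

body
"""

def parse_dkim_tags(value):
    """Parse an RFC 6376 tag-list ("k=v; k=v") into a dict, dropping folding whitespace."""
    tags = {}
    for part in re.sub(r"\s+", "", value).split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key] = val
    return tags

def signed_headers(msg):
    """Lower-cased header names listed in h= of the first DKIM-Signature, if any."""
    sig = msg.get("DKIM-Signature")
    if sig is None:
        return []
    return [h.lower() for h in parse_dkim_tags(sig).get("h", "").split(":") if h]

def analyse(raw):
    msg = message_from_string(raw)
    signed = signed_headers(msg)
    visible = {a.lower() for _, a in getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))}
    # Assumption: the receiving system records the delivery recipient in Delivered-To.
    delivered = {a.lower() for _, a in getaddresses(msg.get_all("Delivered-To", []))}
    return {
        "to_is_signed": "to" in signed,
        "unsigned": [h for h in ("from", "to", "subject") if h not in signed],
        # A recipient absent from the signed To/Cc does not affect the signature,
        # because the delivery address is not part of the signed headers.
        "recipient_not_in_headers": sorted(delivered - visible),
    }

if __name__ == "__main__":
    print(analyse(SAMPLE))
```

A message that reports `to_is_signed` as true together with a non-empty `recipient_not_in_headers` matches the situation in the reply: the To header is intact and signed, but it names someone other than the mailbox that received the message.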