Well, what appeared to be mail from a headhunter anyway. But the irony here is that DKIM is much less useful in preventing these kinds of (spam-related, human engineering) attacks than might be thought, since (a) most sites -- including legit ones -- don't routinely support it, and (b) most email recipients are largely oblivious to any associated warnings. So, while DKIM indicating a problem with mail from the citi.com domain might be noticed by some users running compatible MUAs (Message User Agents), mail coming from a forged, non-DKIM-supporting domain like citi-banking.com would probably be accepted as reasonable by many or most recipients.

- Lauren
- Also worth noting that Google's DKIM setup seems to be broken. I haven't been able to get it to authenticate my Google Apps domain mail yet.
  http://productforums.google.com/forum/#!topic/apps/FOsrXULt66Y
  Oct 24, 2012
- I love stories like this. The more you know the more you find out you don't know. Digging in the dirt or digging in the code.
  Oct 24, 2012