Atlas48
/
cracker
1
1
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Update index.md

This commit is contained in:
cosmos88 2019-02-10 03:15:07 +05:30 committed by GitHub
parent e00a1aea2a
commit 86f481b278
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 22 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
index.md
View File

@ -65,17 +65,19 @@ In this case forwarders modifies the From field in the message header and adds a
Sender Sends to Forwarder (sender@gmail.com) Sender Sends to Forwarder (sender@gmail.com)
```
>From : sender@gmail.com From : sender@gmail.com
>To : receiver@forwarder.com To : receiver@forwarder.com
>DKIM-Signature : v=1; a=rsa-sha256; c=relaxed/relaxed;d=gmail.com;b=<signature> DKIM-Signature : v=1; a=rsa-sha256; c=relaxed/relaxed;d=gmail.com;b=<signature>
```
Receiver Receives (receiver@yahoo.com) Receiver Receives (receiver@yahoo.com)
```
>From : "sender@gmail.com" <mail-forwarder@forwarder.com> From : "sender@gmail.com" <mail-forwarder@forwarder.com>
>To : receiver@forwarder.com To : receiver@forwarder.com
>DKIM-Signature : v=1; a=rsa-sha256; c=relaxed/relaxed;d=gmail.com;b=<signature> DKIM-Signature : v=1; a=rsa-sha256; c=relaxed/relaxed;d=gmail.com;b=<signature>
>DKIM-Signature : v=1; a=rsa-sha256; c=relaxed/relaxed;d=forwarder.com;b=<signature2> DKIM-Signature : v=1; a=rsa-sha256; c=relaxed/relaxed;d=forwarder.com;b=<signature2>
```
SPF and DKIM both passes with forwarder.com DNS records. The end receiver chooses the domain inside the "< >" i.e forwarder.com to verify the DMARC record, which always pass as SPF and DKIM both passes with the same domain. SPF and DKIM both passes with forwarder.com DNS records. The end receiver chooses the domain inside the "< >" i.e forwarder.com to verify the DMARC record, which always pass as SPF and DKIM both passes with the same domain.
@ -94,17 +96,19 @@ Next to Reply , click More Show original.
Forwarders that do not modify the `From` field in the message header but adds additional DKIM signatures. Forwarders that do not modify the `From` field in the message header but adds additional DKIM signatures.
Sender Sends to Forwarder (sender@gmail.com) Sender Sends to Forwarder (sender@gmail.com)
```
>From : sender@gmail.com From : sender@gmail.com
>To : receiver@forwarder.com To : receiver@forwarder.com
>DKIM-Signature : v=1; a=rsa-sha256; c=relaxed/relaxed;d=gmail.com;b=<signature> DKIM-Signature : v=1; a=rsa-sha256; c=relaxed/relaxed;d=gmail.com;b=<signature>
```
Receiver Receives (receiver@gmail.com) Receiver Receives (receiver@gmail.com)
```
>From : sender@gmail.com From : sender@gmail.com
>To : receiver@forwarder.com To : receiver@forwarder.com
>DKIM-Signature : v=1; a=rsa-sha256; c=relaxed/relaxed;d=gmail.com;b=<signature> DKIM-Signature : v=1; a=rsa-sha256; c=relaxed/relaxed;d=gmail.com;b=<signature>
>DKIM-Signature : v=1; a=rsa-sha256; c=relaxed/relaxed;d=forwarder.com;b=<signature2> DKIM-Signature : v=1; a=rsa-sha256; c=relaxed/relaxed;d=forwarder.com;b=<signature2>
```
Here SPF passes with forwarder.com ip address but DKIM passes with gmail's signature and since DMARC looks at the domain from From field in the message header , the attacker can only spoof email on behalf of any gmail's email address . Here SPF passes with forwarder.com ip address but DKIM passes with gmail's signature and since DMARC looks at the domain from From field in the message header , the attacker can only spoof email on behalf of any gmail's email address .