How to prevent RFC5322.From header spoofing

Time: 2017-11-08 14:07:44

Tags: smtp spf dkim spoofing dmarc

I have an email service on the domain example.com. How can I protect it against spoofing of the USER part of the email address in the From header?

Scenario:


The attacker sends an email from malory@example.com: they connect to my SMTP service, authenticate correctly as malory, and send a message with the header From: alice@example.com

SPF cannot help, because the attacker is using my legitimate SMTP service, has their own account and authenticates correctly.

For the same reason DKIM cannot help: the attacker is using a real, legitimate email account, so the message carries a proper digital signature.

DMARC cannot help, because it only checks whether the envelope and RFC5322.From domains match, not the user account.

Is there a way to check that the envelope and the entire From address match? How do I properly protect an SMTP service against spoofing?

Thanks for your help!
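The check the question asks for, as an added example that is not part of the original post or its answer: a submission-time policy that ties the authenticated login to both the envelope sender and every address in RFC5322.From, which is what Postfix's reject_sender_login_mismatch does for the envelope sender, extended here to the header. The login-to-address map, the sample messages and the local-part case rule are constructed assumptions.

```python
from email.utils import getaddresses

# Constructed sample map: SASL login -> sender addresses that login may use.
# A real deployment would load this from the account database (assumption).
SENDER_LOGIN_MAP = {
    "malory": {"malory@example.com"},
    "alice": {"alice@example.com", "alice.smith@example.com"},
}


def normalize(addr):
    """Canonical form for comparison; None for anything that is not a single
    local@domain address. Assumes this server treats the local part
    case-insensitively (common practice, not mandated by RFC 5321)."""
    local, sep, domain = addr.strip().partition("@")
    if not sep or not local or not domain or "@" in domain:
        return None
    return f"{local.lower()}@{domain.lower()}"


def check_submission(auth_user, mail_from, from_header):
    """Accept only if MAIL FROM and every mailbox in the RFC5322.From header
    belong to the authenticated login. Returns (accepted, reason)."""
    allowed = {normalize(a) for a in SENDER_LOGIN_MAP.get(auth_user, ())}
    if not allowed:
        return False, f"login {auth_user!r} has no permitted sender addresses"
    # Envelope check (the part Postfix's reject_sender_login_mismatch covers).
    if normalize(mail_from) not in allowed:
        return False, f"MAIL FROM {mail_from!r} is not owned by login {auth_user!r}"
    # Header check: getaddresses() handles display names, quoting and address
    # lists, so '"Alice" <alice@example.com>, bob@example.com' yields both boxes.
    pairs = getaddresses([from_header])
    if not pairs:
        return False, f"From header {from_header!r} could not be parsed"
    for name, raw in pairs:
        canon = normalize(raw)
        if canon is None or canon not in allowed:
            return False, f"From address {raw!r} is not owned by login {auth_user!r}"
        # A display name that itself looks like a mailbox, e.g.
        # "alice@example.com" <malory@example.com>, is a variant of the same spoof.
        if "@" in name and normalize(name) not in allowed:
            return False, f"display name {name!r} impersonates another mailbox"
    return True, "ok"


if __name__ == "__main__":
    # The question's scenario: malory authenticates, then claims to be alice.
    print(check_submission("malory", "malory@example.com", "Alice <alice@example.com>"))
    print(check_submission("malory", "malory@example.com", "Malory <malory@example.com>"))
```

In a real MTA this logic sits in the submission path (a policy daemon or milter), after SASL authentication and before the message is queued.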

1 answer:

Answer 0: (score: 1)

In order to prevent spoofing in your case, your email server example.com would have to include a DKIM-Signature message header that resolves to your own domain. This would only work if the private encryption key used is unique to your organization and not shared among service users like you pointed out.

DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=subdomain; d=mydomain.com; ...

To accomplish this, your email server would need to provide you with the public key or publish it on their own domain. Using the latter case, you would point to the public key using a DNS CNAME record.

TXT subdomain._domainkey.mydomain.com "p=..."

OR

CNAME subdomain._domainkey.mydomain.com uniqueid.xxx.example.com