Does Google's Hack Reveal DKIM Vulnerability? Not really.

Let’s get one thing straight: Sending spoofed email as Sergey Brin to Larry Page is pretty cool.

If you missed it, that’s what Wired described white hat hacker Zachary Harris doing: exploiting a weak DKIM public key that he assumed had been published intentionally as a cryptography test. It hadn’t. It was a 512-bit key, and Harris cracked it without much difficulty. That led him to parse the email headers of other prominent brands, where he found more 512-bit keys, presumably just as vulnerable.

Harris did those companies a favor by calling attention to their vulnerability, but it’s important to point out that he didn’t find a true weakness in the DKIM authentication standard. The DKIM specification (and Return Path) recommend keys of at least 1024 bits to prevent exactly what Harris was able to do. This publicity makes now an excellent time to check your own DKIM keys. Here’s what we recommend:

  1. Make sure you’re using at least 1024-bit DKIM keys
  2. Rotate your keys often. Rotation protects you when employees who had access to a key leave the company, and it limits the damage in the unlikely event someone manages to crack one.
  3. Revoke any old or unused keys from your DNS records
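The three checks above can be run against the DNS records themselves. The script below is an added example written for this post, not code from Return Path or from the Wired story: it parses a DKIM TXT record (`v=DKIM1; k=rsa; p=...`), decodes the base64 SubjectPublicKeyInfo in `p=` with a minimal standard-library DER reader, reports the RSA modulus size against the 1024-bit floor, and recognises an empty `p=` as a revoked selector. The selector names under `example.com` and the moduli used as sample input are constructed (they are not real RSA keys, only numbers of the right bit length, which is all a size check needs).

```python
import base64
import re

MIN_RSA_BITS = 1024  # the floor recommended above

# DER OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption), tag and length included
RSA_OID = bytes.fromhex("06092a864886f70d010101")


def dkim_dns_name(selector, domain):
    """DNS name whose TXT record publishes the public key for this selector."""
    return f"{selector}._domainkey.{domain}"


def parse_dkim_record(txt):
    """Split 'tag=value; tag=value' into a dict; DKIM allows folding whitespace in values."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = re.sub(r"\s+", "", value)
    return tags


def _read_tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def rsa_modulus_bits(spki_der):
    """Bit length of the modulus inside a SubjectPublicKeyInfo (what DKIM's p= carries)."""
    tag, body, _ = _read_tlv(spki_der, 0)          # SubjectPublicKeyInfo SEQUENCE
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    tag, alg, pos = _read_tlv(body, 0)             # AlgorithmIdentifier
    if tag != 0x30 or not alg.startswith(RSA_OID):
        raise ValueError("algorithm is not rsaEncryption")
    tag, bitstr, _ = _read_tlv(body, pos)          # BIT STRING wrapping RSAPublicKey
    if tag != 0x03:
        raise ValueError("missing subjectPublicKey BIT STRING")
    tag, rsa_pub, _ = _read_tlv(bitstr[1:], 0)     # skip the unused-bits byte
    tag, modulus, _ = _read_tlv(rsa_pub, 0)        # first INTEGER is the modulus n
    if tag != 0x02:
        raise ValueError("RSAPublicKey does not start with an INTEGER")
    return int.from_bytes(modulus, "big").bit_length()


def assess_dkim_record(txt, minimum_bits=MIN_RSA_BITS):
    """Return (status, modulus_bits); status is ok, weak, revoked, non-rsa or invalid."""
    tags = parse_dkim_record(txt)
    if tags.get("v", "DKIM1") != "DKIM1" or "p" not in tags:
        return ("invalid", 0)
    if tags["p"] == "":                 # RFC 6376: an empty p= means the key is revoked
        return ("revoked", 0)
    if tags.get("k", "rsa") != "rsa":
        return ("non-rsa", 0)
    bits = rsa_modulus_bits(base64.b64decode(tags["p"]))
    return ("ok" if bits >= minimum_bits else "weak", bits)


# --- constructed sample data: a tiny DER encoder so the example runs offline ---

def _der_tlv(tag, value):
    n = len(value)
    if n < 0x80:
        length = bytes([n])
    else:
        nb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(nb)]) + nb
    return bytes([tag]) + length + value


def _der_int(value):
    # one spare byte when the top bit would be set keeps the INTEGER positive and minimal
    return _der_tlv(0x02, value.to_bytes((value.bit_length() + 8) // 8, "big"))


def build_dkim_record(modulus, exponent=65537):
    """Constructed v=DKIM1 record; the modulus only needs the right bit length here."""
    rsa_pub = _der_tlv(0x30, _der_int(modulus) + _der_int(exponent))
    alg_id = _der_tlv(0x30, RSA_OID + b"\x05\x00")      # rsaEncryption with NULL params
    spki = _der_tlv(0x30, alg_id + _der_tlv(0x03, b"\x00" + rsa_pub))
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(spki).decode()


if __name__ == "__main__":
    # Constructed selectors, not real ones: a 512-bit key like the one in the story,
    # a 1024-bit key, and an old selector that was revoked by publishing an empty p=.
    samples = {
        dkim_dns_name("weak", "example.com"): build_dkim_record((1 << 511) | 1),
        dkim_dns_name("strong", "example.com"): build_dkim_record((1 << 1023) | 1),
        dkim_dns_name("old", "example.com"): "v=DKIM1; k=rsa; p=",
    }
    for name, record in samples.items():
        print(name, assess_dkim_record(record))
```

To check a live selector, fetch the record with something like `dig +short TXT selector._domainkey.example.com`, join the quoted strings the resolver returns into one line, and pass that string to `assess_dkim_record`. Any selector that comes back `weak` needs a new key; any that comes back `revoked` or has no record at all is one you have already retired.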

That’s it. DKIM remains a reliable, highly secure solution when it’s properly implemented.

There’s one thing this story fails to mention: just how important it is for mailbox providers to implement DMARC. A malicious message signed with Google’s cracked 512-bit key would probably still have failed SPF checking, would have been identified as not fully authenticated, and would likely have been discovered quickly thanks to DMARC reporting.

I’ll continue this discussion next week with some resources and best practices on how to implement a sound email authentication policy. In the meantime, if you’re concerned you may be at risk or need additional help, contact us.
