DKIM and L-TAG (length) Vulnerability

DKIM is a crucial email authentication method designed to ensure the integrity of emails. While it helps verify that the content has not been altered, a specific DKIM vulnerability involving the length tag (l=) in DKIM signatures can leave emails open to tampering.

In this article, learn about the potential risks associated with the “l=” tag and get actionable steps to secure your emails against this vulnerability.

The l-tag DKIM Vulnerability

The vulnerability in DKIM is associated with the length tag (l=). The l= tag is optional and specifies the length of the portion of the email body that was signed. For example, l=500 means that only the first 500 bytes of the email body are signed. This leaves the rest of the email body, which is not covered by the DKIM signature, susceptible to alterations.

Exploitation

An attacker could exploit this by appending malicious content after the signed portion of the email body. Since the appended content is not covered by the DKIM signature, it won’t affect the validity of the signature. Email clients will display the entire email content (both signed and unsigned portions), potentially misleading the recipient and defeating the fundamental integrity promise of DKIM.

Example:

1. Vulnerable Email Header with DKIM Signature Containing the Length Tag

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
    d=example.com; s=randomselector;
    h=date:from:to:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
    bh=1kfwQkFg+nKq2DRy7GwHjDsfmrk=; b=ZL8/3fvcqK8ZVHy+iZ/AGuM9mPlU9WjJpY6BG3J6Y
    M+8Nf4Ybaq8wDpMj5Nd; l=500;

2. Invulnerable Email Header with DKIM Signature Without the Length Tag

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
    d=example.com; s=randomselector;
    h=date:from:to:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
    bh=1kfwQkFg+nKq2DRy7GwHjDsfmrk=; b=ZL8/3fvcqK8ZVHy+iZ/AGuM9mPlU9WjJpY6BG3J6Y
    M+8Nf4Ybaq8wDpMj5Nd;
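To make the mechanism concrete, the following Python example (added here, not code from the original article) computes the bh= body hash under relaxed canonicalization with and without an l= tag over a constructed message, and shows the receiver-side check a mail provider can run to flag signatures whose l= leaves an unsigned trailer. The message bodies, domain and selector are hypothetical.

```python
import base64, hashlib, re
def parse_dkim_tags(header_value):
    """Split a DKIM-Signature tag-list (RFC 6376) into a dict; folding whitespace is not significant."""
    tags = {}
    for item in header_value.split(";"):
        if "=" in item:
            name, value = item.split("=", 1)
            tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags

def canonicalize_body_relaxed(body):
    """'relaxed' body canonicalization: collapse inner WSP, drop trailing WSP and trailing empty lines."""
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in body.split(b"\r\n")]
    while lines and lines[-1] == b"":
        lines.pop()
    return b"\r\n".join(lines) + b"\r\n" if lines else b""

def body_hash(body, length=None):
    """bh= value: SHA-256 over the canonicalized body, cut to the first l= octets when a length is given."""
    canon = canonicalize_body_relaxed(body)
    canon = canon if length is None else canon[:length]
    return base64.b64encode(hashlib.sha256(canon).digest()).decode()

def verify_body_hash(body, tags):
    """Verifier-side bh= check that honours l=; RFC 6376 requires failure if l= exceeds the body length."""
    length = int(tags["l"]) if "l" in tags else None
    if length is not None and length > len(canonicalize_body_relaxed(body)):
        return False
    return body_hash(body, length) == tags.get("bh")

def length_tag_risk(body, tags):
    """Receiver policy check: does l= leave octets after the signed prefix that nobody vouches for?"""
    if "l" not in tags:
        return "no-l-tag"
    uncovered = len(canonicalize_body_relaxed(body)) - int(tags["l"])
    return "unsigned-trailer" if uncovered > 0 else "l-tag-covers-body"

# Constructed sample (hypothetical): a signed body, and the same body with text appended after signing.
ORIGINAL_BODY = b"Your invoice is attached. Thank you.\r\n"
APPENDED_BODY = ORIGINAL_BODY + b"This trailer was added after the message was signed.\r\n"

def demo():
    covered = len(canonicalize_body_relaxed(ORIGINAL_BODY))   # 38 octets signed, as the article's l=500 would
    base = "v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com;\r\n s=randomselector; bh=%s;"
    with_l = parse_dkim_tags(base % body_hash(ORIGINAL_BODY, covered) + " l=%d;" % covered)
    without_l = parse_dkim_tags(base % body_hash(ORIGINAL_BODY))
    return (verify_body_hash(ORIGINAL_BODY, with_l),      # True
            verify_body_hash(APPENDED_BODY, with_l),      # True: the trailer was never hashed
            length_tag_risk(APPENDED_BODY, with_l),       # "unsigned-trailer"
            verify_body_hash(APPENDED_BODY, without_l))   # False: tampering is detected
```

The last value is the behaviour a receiver wants: without l=, any appended text changes bh= and the signature fails; with l=, only the length_tag_risk check reveals that part of the displayed body is unsigned.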

Solutions and Fixes

To mitigate this vulnerability, you should avoid using the l= tag in DKIM signatures.

For ESPs and Third-Party senders:

  • Stop emitting the l= tag and rotate all current DKIM keys so that signatures already issued with the length tag are retired.
  • For ESPs that publish the public key through CNAME-type records, the change can be made and keys rotated without end users having to update their DNS.
  • For ESPs that publish the public DKIM key as a TXT record, notify end users and provide the new public DKIM key for them to update in DNS.

Dedicated Servers:

  • Ensure your OpenDKIM configuration does not set the BodyLengthDB (dataset) parameter, which makes OpenDKIM add an l= tag to its signatures.
  • Check your MTA (Mail Transfer Agent) documentation and verify that the length tag is not included in the DKIM configuration.
  • Modify the settings and rotate keys to avoid this vulnerability.

The Impact on BIMI

BIMI (Brand Indicators for Message Identification) relies on a valid DKIM signature to display a logo in the recipient’s inbox. If the l= tag is exploited:

  • The modified message still passes DKIM and therefore DMARC, so it lands in the recipient’s inbox.
  • This could lead to the BIMI logo being displayed unless ESPs create specific rules to exclude emails that carry the l= tag.

This means that even with an enforced DMARC policy (p=quarantine or p=reject), an attacker can append malicious content to an email, pass DKIM verification, and still have the BIMI logo displayed, potentially misleading recipients.

Article Details

Article ID:
57