Suped

Does DKIM protect against replay attacks?

The short answer is no, DKIM on its own does not protect against replay attacks. While DKIM is a critical email authentication standard that verifies the sender's domain and ensures the message content hasn't been tampered with since it was signed, it has an inherent vulnerability. An attacker can capture a legitimate, DKIM-signed email and simply “replay” it by sending it to new recipients. Because the original signed parts of the email remain unchanged, the DKIM signature remains valid, and the message can bypass security filters.

Abnormal AI says:
This attack takes advantage of a critical email security gap: DKIM-signed messages can be replayed as long as the body remains unchanged. So if an attacker can obtain a DKIM-signed email, they can co-opt the reputation of the legitimate sender and use it to send malicious messages.

This isn't just a theoretical problem. It's a technique actively used in sophisticated phishing campaigns. Understanding this weakness is the first step toward building a more resilient email security posture.


What is a DKIM replay attack?

A DKIM replay attack is a simple but effective technique. As the name suggests, it involves an attacker intercepting a valid email that has been signed with DKIM and resending it. The attacker doesn't need to break the DKIM signature's cryptography or forge a new one. They just need to capture a real email, for example, a security notification or a password reset email from a trusted service.

Core Team One says:
DKIM replay attacks occur when a malicious actor intercepts a legitimate DKIM-signed email and resends it to multiple recipients. Since the signature is valid, receiving servers are likely to trust the email, increasing the chances of successful phishing or malware delivery.

They can then forward this email to new, unsuspecting targets. The attacker might change headers that are not part of the DKIM signature, such as the `To` or `CC` fields, to direct the replayed message to their victims. A notable real-world example involved attackers exploiting Google's infrastructure. They captured legitimate, DKIM-signed emails from Google and replayed them in a widespread phishing campaign. Because the emails carried a valid signature from google.com, they appeared highly credible to both email filters and end-users.

How to protect your domain from replay attacks

While DKIM itself is vulnerable, you are not powerless. You can implement several measures to mitigate the risk of your domain being used in a replay attack. A layered defense strategy is the most effective approach.

  • Rotate your DKIM keys periodically. A DKIM signature can be verified for as long as the key pair that produced it remains in service, that is, as long as its public key is still published under its selector in DNS. By regularly rotating your keys (for example, every few months), you limit the time window in which a captured email can be successfully replayed. Once a key is retired and its DNS record removed, signatures made with it fail validation.
  • Sign additional headers (oversigning). By default, DKIM often signs only a minimal set of headers. You can strengthen your signature by including more headers, particularly ones an attacker would want to change, like `Subject`, `To`, and `CC`. This practice, sometimes called 'oversigning', ensures that if an attacker modifies these headers, the DKIM signature will break and the email will fail authentication. Listing a header in the signature one more time than it actually appears in the message also prevents an attacker from adding a new instance of that header without breaking the signature.
  • Use a unique signature for each recipient. While more technically complex, some systems can generate a slightly different DKIM signature for each individual email or recipient. This can involve adding a unique, signed header (like a timestamp or a nonce) to each message, effectively making each signature a single-use token that cannot be replayed to another recipient.
  • Implement DMARC. DMARC works with SPF and DKIM to create a comprehensive email authentication policy. While DMARC doesn't directly stop replay attacks, it provides crucial reporting that can help you identify when your domain is being abused. These reports can alert you to suspicious activity, prompting you to rotate keys or investigate further.
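As an added illustration (not Suped's code, nor any mail provider's DKIM implementation), the Python below audits a DKIM-Signature header for the two exposures discussed in the list above: which replay-relevant headers its h= list leaves uncovered or merely signed rather than oversigned, and whether an x= expiry tag bounds the replay window. Both messages are constructed samples with placeholder hash and signature values, and the x= expiration tag comes from the DKIM specification (RFC 6376), not from this page.

```python
import email, re
from email import policy

# Constructed sample (not a real capture): h= omits To and CC, so a replayer can re-address it.
SAMPLE = """DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com;
 s=sel2024; t=1700000000; x=1700604800;
 h=from:subject:date:message-id;
 bh=placeholderbodyhash=; b=placeholdersignature=
From: Alerts <alerts@example.com>
To: original@example.org
Subject: Security alert for your account
Date: Tue, 14 Nov 2023 22:13:20 +0000
Message-ID: <constructed-id@example.com>

Your password was changed.
"""
# Same message with To, CC and Subject each listed once more than they occur (oversigned).
HARDENED = SAMPLE.replace("h=from:subject:date:message-id;",
                          "h=from:to:to:cc:cc:subject:subject:date:message-id;")

def parse_tags(sig_value):
    """Turn a 'k=v; k=v' DKIM tag list into a dict, dropping folding whitespace."""
    tags = {}
    for part in sig_value.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip()] = re.sub(r"\s+", "", v)
    return tags

def audit_replay_exposure(raw, want=("to", "cc", "reply-to", "subject", "date")):
    """Classify each header a replayer would alter: unsigned, signed once per
    occurrence (an extra instance can still be prepended), or oversigned."""
    msg = email.message_from_string(raw, policy=policy.default)
    signed = parse_tags(msg["DKIM-Signature"]).get("h", "").lower().split(":")
    report = {}
    for hdr in want:
        listed, present = signed.count(hdr), len(msg.get_all(hdr, []))
        if listed == 0:
            report[hdr] = "unsigned"
        elif listed <= present:
            report[hdr] = "signed"
        else:
            report[hdr] = "oversigned"
    return report

def signature_expired(raw, now):
    """True once the x= expiry (Unix seconds) has passed; without x= a signature
    stays verifiable until the selector's public key leaves DNS."""
    msg = email.message_from_string(raw, policy=policy.default)
    return "x" in (tags := parse_tags(msg["DKIM-Signature"])) and now > int(tags["x"])
```

Run the audit against your own outbound mail to see which of the headers above a replayed copy of it could still carry unchanged.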

Clever Elements® - Newsletter Software says:
Another detail is that DKIM does not protect against replay attacks. If someone resends a previously sent valid email, it may still pass the checks despite being used for malicious purposes.

A necessary but imperfect standard

DKIM is a foundational pillar of modern email security, and you absolutely must have it correctly configured for your domains. However, it's essential to understand its limitations. It authenticates the sender and protects message integrity but does not, by itself, prevent a valid message from being maliciously reused.

By combining DKIM with best practices like regular key rotation, strategic header signing, and a strong DMARC policy, you can build a robust defense that significantly reduces the threat of your domain's reputation being hijacked by attackers.
