Recently, you may have heard of Zachary Harris and his hack into Googleʼs email encryption service. He did so by exploiting a flaw in Googleʼs DKIM. This is an important issue for Benchmark Email customers to understand. What it means, and what it means to you as an email marketer, will be explored below.
DomainKeys Identified Mail (DKIM) is an encrypted protocol that Email Service Providers (ESPs) use to take responsibility and ownership over an email message that they are sending. It’s like a signature that is specific to the sender(s) to ensure that it is not possible for another sender to imitate the genuine original.
After receiving a suspicious email from Google however, Zachary Harris, a mathematician well versed in the email industry, discovered a loophole in this DKIM system. The specific problem lay in the strength of the DKIM encryption used by Googleʼs Email systems. Instead of using the recommended 1024-bit encryption, Zach discovered that the DKIM being used by Google was 512-bit.
The loophole that Zachary found was that these lower-bit encryptions can be cracked on a relatively cheap budget. By utilizing some hired processing power from Amazon, Zachary was able to crack 512-bit keys in roughly 72 hours for under $100. He also noted that with enough resources, it would also be possible to crack 768-bit keys as well.
Further investigation by Zachary revealed that Google was not alone in using this 512-bit system; Yahoo, Twitter, Amazon and Ebay were as well. He was also able to find that other organizations, including banks, were only using 768-bit encryption. The danger to those lower-level encryptions is that if cracked, it is possible for somebody to spoof emails, creating major opportunities for phishing emails that appear to be legitimate.
Shortly after the discovery and announcement of the loophole, the US-CERT released a Vulnerability Note suggesting that all ESPs utilize 1024-bit or stronger DKIM encryption. You can read their release here: https://www.kb.cert.org/vuls/id/268267
The good news is that Benchmark Email has been using 1024-bit DKIM encryption for over 3 years now to ensure the best security possible for our client; meaning that this loophole has not directly affected our systems or clients. In light of this loophole however, we have already started the process to upgrade our Keys to the stronger 2048-bit for added security measures. For now, it is not possible to crack these 1024 or 2048-bit keys, meaning that the emails sent from our servers have been and continue to be safe and spoof-free.