Industry News

Google Apps Safe from DKIM Vulnerability, Says Google

The DKIM (Domain Key Identified Mail) vulnerability discovered by Zachary Harris in Google’s email servers poses no threat to Google Apps customers, according to Google spokeswoman Andrea Freund.

The previous 512 bits encryption used by Google’s mail servers was deemed hack-able in less than 72 hours, enabling Harris to forge a legit digital signature and impersonate Sergey Brin, Google’s founder.

Harris estimated that Google Play was unsafe as well, as customers could have received spoofed emails from attackers exploiting the same vulnerability. Although Google fixed the flaw by setting in place 2048-bit keys, Google Apps customers have to manually generate domain keys and activate DKIM authentication.

Google provides step-by-step instructions that enable users to receive 1024-bit domain keys so email spoofing won’t be possible. With all Google domains now sporting 2048-bit keys, enforcing the same security policy for Google Apps might be trickier because more processing power would be required.

Harris believes that companies should be less bent on using strong keys and more focused on keeping up with the latest cryptographic standards. Emphasizing companies should heed to industry professionals’ warnings and research updates, Harris said configuration settings and security fixes should be checked for, on a regular basis.

“The most important thing is that that you don’t just set this up once and forget about it,” Harris said.

Google Apps users are encouraged to follow Google’s tutorials on how to plug the DKIM vulnerability, to avoid possible email spoofing.

About the author


Liviu Arsene is the proud owner of the secret to the fountain of never-ending energy. That's what's been helping him work his everything off as a passionate tech news editor for the past couple of years. He is the youngest and most restless member of the Bitdefender writer team and he covers mobile malware and security topics with fervor and a twist. His passions revolve around gadgets and technology, and he's always ready to write about what's hot and trendy out there in geek universe.