DKIM Authorization Question

Çağlar Arlı

I've read a good bit about DMARC, DKIM, and SPF, but now that I'm getting results coming in, there are some things I'm seeing that I don't understand. I keep seeing passing DKIM results from outside domains and their selectors, as well as passing from the intentional domain, in a relaxed DKIM policy for DMARC. For example, a good passing result would be from something legit like this from the dundermifflin.com company:

d=dundermifflin.com
s=legitselector1
RFC5321.MailFrom = dave@dundermifflin.com
RFC5322.From = dave@dundermifflin.com

I can understand that this one passes because the selector at the legit mail server signed it properly. And since the DKIM signature points to this domain and selector, it can decrypt the hashes properly.

But I'm also seeing stuff like this that pass:

d=cheapspoofdomain.com
s=cheapselector1
RFC5321.MailFrom = spoofer@cheapspoofdomain.com
RFC5322.From = dave@dundermifflin.com

Can anybody just send a message from their own servers and use their own working selectors to hash messages, as long as DMARC is either not enabled or specifies relaxed DKIM?
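
The two results from the question, run through DMARC identifier alignment as defined in RFC 7489 (an added example, not part of the original post). The SPF verdicts, the third sample and the small public-suffix set are constructed assumptions; a DKIM pass only says the signature verifies for the `d=` domain, while DMARC additionally requires that domain to align with RFC5322.From.

```python
# Added example: DMARC identifier alignment (RFC 7489, section 3.1).
# Assumption: organizational domains come from a tiny constructed suffix set;
# a real evaluator uses the full Public Suffix List.
PUBLIC_SUFFIXES = {"com", "org", "net", "co.uk"}  # constructed, not complete


def org_domain(domain):
    """Return the public suffix plus one label (the organizational domain)."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):  # longest candidate suffix is tried first
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])


def aligned(auth_domain, from_domain, mode):
    """mode 'r' = relaxed (same organizational domain), 's' = strict (exact)."""
    a, f = auth_domain.lower(), from_domain.lower()
    return a == f if mode == "s" else org_domain(a) == org_domain(f)


def dmarc_result(msg, adkim="r", aspf="r"):
    """DMARC passes only if a passing DKIM or SPF identifier aligns with From."""
    from_domain = msg["header_from"].rsplit("@", 1)[1]
    spf_domain = msg["mail_from"].rsplit("@", 1)[1]
    dkim_ok = msg["dkim_pass"] and aligned(msg["dkim_d"], from_domain, adkim)
    spf_ok = msg["spf_pass"] and aligned(spf_domain, from_domain, aspf)
    return {"dkim_aligned": dkim_ok, "spf_aligned": spf_ok,
            "dmarc": "pass" if dkim_ok or spf_ok else "fail"}


# Samples: the first two mirror the question; pass flags are constructed.
LEGIT = {"dkim_d": "dundermifflin.com", "dkim_pass": True, "spf_pass": True,
         "mail_from": "dave@dundermifflin.com",
         "header_from": "dave@dundermifflin.com"}
SPOOF = {"dkim_d": "cheapspoofdomain.com", "dkim_pass": True, "spf_pass": True,
         "mail_from": "spoofer@cheapspoofdomain.com",
         "header_from": "dave@dundermifflin.com"}
SUBDOMAIN = {"dkim_d": "mail.dundermifflin.com", "dkim_pass": True,
             "spf_pass": True, "mail_from": "bounce@mailer.example.net",
             "header_from": "dave@dundermifflin.com"}

if __name__ == "__main__":
    for name, msg in (("legit", LEGIT), ("spoof", SPOOF), ("subdomain", SUBDOMAIN)):
        print(name, "relaxed:", dmarc_result(msg), "strict:", dmarc_result(msg, "s", "s"))
```

When reading aggregate reports, compare the raw DKIM and SPF results against the policy-evaluated results: a raw DKIM pass for an unrelated `d=` domain still evaluates as a DMARC failure for the From domain.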