Are there any downsides to DKIM?

While DKIM has clear advantages and strengthens the authentication of email, it also has downsides. Some of these are:

  • Replay attack: DKIM signs only the message body and the header fields the signer lists in the signature's h= tag. An adversary who obtains a legitimately signed message can therefore add header fields that were never signed, or a second copy of a field such as Subject that was signed only once, and the signature still verifies; the same message can also be re-sent unchanged to recipients the original signer never intended. DKIM was designed mainly to tie a message to a responsible domain so that receivers can apply that domain's reputation, and for that purpose it remains useful. The trouble is that a receiver will also accept a message from a reputable domain that adversaries altered in transit to carry extra header fields. Such replays are a recurring problem because DKIM authenticates only the selected parts of a message rather than the whole of it: all an adversary has to do is add a few header fields, and the signature still matches. Recipients of such replayed or forwarded messages are left vulnerable.
  • Whitelisting: Another limitation of DKIM is the risk that comes with whitelisting. To save processing, organizations often whitelist trusted domains on the strength of a valid DKIM signature. Whitelisting is the opposite of blacklisting: mail carrying a valid signature from a whitelisted domain is accepted without any further scrutiny or analysis. Combined with the replay problem above, this practice leaves organizations open to phishing, since a replayed or altered message from a whitelisted domain passes straight through.
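The header-addition replay described above can be reproduced with a small simulation of DKIM's header selection. The following is an added example, not code from the original page: it follows RFC 6376's relaxed canonicalization and its rule that the verifier takes the bottom-most unused instance of each header named in h= (and an empty string when none is left), but it stands in HMAC-SHA256 with a shared key for the RSA or Ed25519 key a real signer publishes in DNS, and it omits the DKIM-Signature header itself from the hashed data. The message, key and addresses are constructed for the demo. It shows that a signature over h=from:to:subject:date still verifies after an attacker prepends a second Subject and a Reply-To, and that "oversigning" (listing subject twice and reply-to once in h=) makes the same tampering fail.

```python
import hashlib
import hmac
import re

# Added example: a deliberately simplified DKIM-style signer/verifier.
# HMAC-SHA256 with a shared key stands in for the real DNS-published
# RSA/Ed25519 key; the DKIM-Signature header is not included in the hash.


def relaxed_header(name: str, value: str) -> str:
    """Relaxed canonicalization (RFC 6376 3.4.2), simplified: lowercase the
    field name, unfold, collapse runs of whitespace, strip the ends."""
    value = re.sub(r"\s+", " ", value.replace("\r\n", "")).strip()
    return f"{name.lower()}:{value}\r\n"


def select_headers(headers, h_tags):
    """Pick the header instances covered by h= the way a verifier does
    (RFC 6376 5.4.2): for each listed name, take the bottom-most instance not
    already used; a name with no instance left contributes an empty string.
    Listing a name once more than it occurs ("oversigning") therefore pins any
    later-added copy to that empty slot and breaks the signature."""
    used = set()
    parts = []
    for name in h_tags:
        chosen = None
        for i in range(len(headers) - 1, -1, -1):
            if i not in used and headers[i][0].lower() == name.lower():
                chosen = i
                break
        if chosen is None:
            parts.append("")
        else:
            used.add(chosen)
            parts.append(relaxed_header(*headers[chosen]))
    return "".join(parts)


def sign(headers, body, h_tags, key):
    body_hash = hashlib.sha256(body.encode()).hexdigest()  # stands in for bh=
    data = select_headers(headers, h_tags) + body_hash
    return hmac.new(key, data.encode(), hashlib.sha256).hexdigest()


def verify(headers, body, h_tags, key, signature):
    return hmac.compare_digest(sign(headers, body, h_tags, key), signature)


# Constructed sample message with hypothetical addresses.
KEY = b"constructed-demo-key"
BODY = "Please find the invoice attached.\r\n"
ORIGINAL = [
    ("From", "alice@example.com"),
    ("To", "bob@example.net"),
    ("Subject", "Invoice 42"),
    ("Date", "Mon, 1 Jan 2024 10:00:00 +0000"),
]
# The attacker prepends headers; many mail clients show the first Subject.
TAMPERED = [
    ("Subject", "URGENT: updated bank details"),
    ("Reply-To", "attacker@example.org"),
] + ORIGINAL


def demo():
    weak_h = ["from", "to", "subject", "date"]
    weak_sig = sign(ORIGINAL, BODY, weak_h, KEY)
    # Oversign subject and reply-to so any added copy changes the hashed data.
    strong_h = ["from", "to", "subject", "subject", "reply-to", "date"]
    strong_sig = sign(ORIGINAL, BODY, strong_h, KEY)
    return {
        "original_verifies": verify(ORIGINAL, BODY, weak_h, KEY, weak_sig),
        "tampered_passes_without_oversigning": verify(TAMPERED, BODY, weak_h, KEY, weak_sig),
        "tampered_fails_with_oversigning": not verify(TAMPERED, BODY, strong_h, KEY, strong_sig),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The weak signature still verifies on the tampered message because the verifier hashes the bottom-most Subject, which is the original one, and never looks at the prepended copy or at Reply-To. With the oversigned h= list, the second "subject" slot picks up the attacker's header and the "reply-to" slot is no longer empty, so the hashed data changes and verification fails. A receiver that whitelists on a passing signature alone would have accepted the first case.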