16 years of CVE-2008-0166 - Debian OpenSSL Bug
DKIM keys vulnerable to Debian OpenSSL bug
DKIM is a mechanism that allows sending mail servers to sign emails with a cryptographic
key published via a DNS TXT record.
By scanning DKIM keys with my tool badkeys,
I discovered a surprisingly large number of hosts vulnerable to the 2008 Debian
OpenSSL bug. This trivially allowed sending emails with forged DKIM signatures for those
hosts and thereby also passing DMARC checks.
The hosts included notable names like @cisco.com, @oracle.com,
@skype.net,...
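A domain owner can run the same kind of check against their own DKIM record. The sketch below is an added example, not code from the original page and not badkeys code: it parses a DKIM TXT record, pulls the RSA modulus out of the `p=` tag and looks its fingerprint up in a blocklist. The SHA-256 fingerprint format, the sample modulus and the one-entry blocklist are constructed assumptions; real weak-key lists use their own formats.

```python
import base64
import hashlib

RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")  # rsaEncryption + NULL

def der(tag, value):  # encode one DER TLV (only used to build the constructed samples)
    n = len(value)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + value

def read_tlv(buf, pos=0):  # decode one DER TLV; returns (tag, value, next_pos)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        end = pos + (length & 0x7F)
        length, pos = int.from_bytes(buf[pos:end], "big"), end
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def rsa_modulus(spki):  # modulus n from a DER SubjectPublicKeyInfo holding an RSA key
    _, body, _ = read_tlv(spki)         # outer SEQUENCE
    _, _, pos = read_tlv(body)          # AlgorithmIdentifier, skipped
    _, bits, _ = read_tlv(body, pos)    # BIT STRING wrapping RSAPublicKey
    _, key, _ = read_tlv(bits[1:])      # drop the unused-bits byte
    _, n, _ = read_tlv(key)             # first INTEGER is the modulus
    return int.from_bytes(n, "big")

def fingerprint(n):  # SHA-256 of the big-endian modulus (format assumed for this example)
    return hashlib.sha256(n.to_bytes((n.bit_length() + 7) // 8, "big")).hexdigest()

def audit_dkim_record(txt, blocklist):
    """Classify a DKIM TXT record; return (status, modulus size in bits)."""
    tags = dict(part.strip().split("=", 1) for part in txt.split(";") if "=" in part)
    p = "".join(tags.get("p", "").split())
    if not p:
        return "revoked", 0             # RFC 6376: an empty p= withdraws the key
    if tags.get("k", "rsa") != "rsa":   # k= defaults to rsa when absent
        return "unsupported", 0
    n = rsa_modulus(base64.b64decode(p))
    return ("blocklisted" if fingerprint(n) in blocklist else "ok"), n.bit_length()

def sample_record(n, e=65537):  # constructed DKIM record around modulus n, not a real key
    ints = b"".join(der(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big")) for v in (n, e))
    spki = der(0x30, RSA_ALG_ID + der(0x03, b"\x00" + der(0x30, ints)))
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(spki).decode()

WEAK_N = (1 << 1023) + 0x1234567        # constructed placeholder modulus
BLOCKLIST = {fingerprint(WEAK_N)}       # constructed stand-in for a weak-key list
```

For a real audit, the input is the TXT record published at `<selector>._domainkey.<domain>`, and the blocklist is replaced by a published list of known-weak keys.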
Read more at 16years.secvuln.info