Hit ENTER after each Tag to add it to your post; Numbers in parentheses represent the Tag's usage.
Given the fact that both Microsoft and US Cert have depreciated SHA1, it is imperative that SmarterMail updates the SHA1 key used to generate DOMAINKEY signatures to use SHA256.
The effective date, announced on 12 November, 2013, is 1 January, 2016, just over six months from now.
While Google will accept SHA1 based certificates until the end of 2016, Microsoft will completely depreciate SHA1 based certificates in April, 2016
See: http://blogs.technet.com/b/pki/archive/2013/11/12/sha1-deprecation-policy.aspx, which states:
"Today Microsoft has announced a new policy for Certificate Authorities (CAs) that deprecates the use of the SHA1 algorithm in SSL and code signing certificates, in favor of SHA2. The policy affects CAs who are members of the Windows Root Certificate Program who issue publicly trusted certificates. It will allow CAs to continue to issue SSL and code signing certificates until January 1 2016, and thereafter issue SHA2 certificates only."
Qualys Security Labs, via their blog, at: https://community.qualys.com/blogs/securitylabs/2014/09/09/sha1-deprecation-what-you-need-to-know, states:
The news is that SHA1, a very popular hashing function, is on the way out. Strictly speaking, this development is not new. The first signs of weaknesses in SHA1 appeared (almost) ten years ago. In 2012, some calculations showed how breaking SHA1 is becoming feasible for those who can afford it. In November 2013, Microsoft announced that they wouldn't be accepting SHA1 certificates after 2016.
Shown below is the header information from a SmarterMail 13.4.5603 transaction showing that DOMAINKEYS are still generated with SHA1.
Received: from server.REDACTED.com (server.REDACTED.com XXX.XXX.198.67]) by securemail.chicagonettech.com with SMTP
Sun, 10 May 2015 15:02:28 -0500
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns;
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
Received: by server.REDACTED.com via HTTP;
Sun, 10 May 2015 16:02:17 -0400
From: "SmarterMail DomainKey Test Account" <smartermailtest@REDACTED.com>
Subject: MailTest REDACTED.com 201505100150219
Date: Sun, 10 May 2015 16:02:17 -0400
Content-Type: multipart/alternative; boundary=1f719ff854ef4371b15d61ea7f201347
X-SmarterMail-Spam: SPF_Pass, Message Sniffer 0 [code:0], DK_Pass, DKIM_Pass
Phonr: (773) 491-9019
Phone: (224) 444-0169
E-Mail and DNS Security Specialist
Network Security Specialist
Customer Service Portal: https://portal.chicagonettech.com
Security Blog: http://networkbastion.blogspot.com/
Web and E-Mail Hosting, E-Mail Security and Consulting