An investigator examines an email header and sees the following: 'DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=selector1; bh=...; h=...; b=...'. The email claims to be from 'support@example.com', but the DKIM signature validation fails. Which of the following is the MOST likely cause?
DKIM signature failure indicates the email was not signed by the claimed domain's private key, suggesting the From address may be spoofed.
Why this answer
DKIM uses a digital signature to verify that a message was signed by the domain named in the signature (here, d=example.com). Validation failure strongly suggests the email was not sent by the legitimate domain, indicating spoofing.