Detect and warn about when recommended headers are present but not signed #277

Closed
skomski opened this issue Nov 16, 2021 · 2 comments

skomski commented Nov 16, 2021

The DKIM RFC 6376 (https://datatracker.ietf.org/doc/html/rfc6376#section-5.4.1) mentions recommended headers that, if present, should be signed. It would be great if dkim_verifier could warn about recommended headers that are present but unsigned. For example, Subject or Reply-To should definitely be signed.

Owner

lieser commented Nov 22, 2021

Thanks for the suggestion. It's similar to what I plan to do in #102. Will also look at the recommended signed headers if I look into it.

@lieser lieser added this to the 4.2.0 milestone Nov 22, 2021
@lieser lieser modified the milestones: 4.2.0, 4.3.0 May 27, 2022
Owner

lieser commented Jun 19, 2022

I added support for this, you could try the attached version:
dkim_verifier@pl-0a7d587.zip

Note that this can be configured in the policy options. Would be nice to get feedback on how common warnings in the recommended mode are. I have a few bigger senders that don't sign all headers the RFC recommends, so a little hesitant to make that the default.
The current default relaxed mode only warns about the subject not being signed (from was already an error, as this is a strict requirement in the RFC).
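
The check discussed in this issue, sketched as an added example (not dkim_verifier's own code): it compares the header fields present in a message against the `h=` tag of its DKIM-Signature and reports recommended fields from RFC 6376 section 5.4.1 that are left unsigned. The function names and sample message are hypothetical, the `relaxed`/`recommended` mode names only mirror the terms used above, and the example goes slightly further by counting instances, since each `h=` entry covers a single instance of a field.

```javascript
// Fields RFC 6376 section 5.4.1 says SHOULD be signed when present.
// From is mandatory (section 5.4) and is reported as an error instead.
const RECOMMENDED = [
  "reply-to", "subject", "date", "to", "cc",
  "resent-date", "resent-from", "resent-to", "resent-cc",
  "in-reply-to", "references", "list-id", "list-help", "list-unsubscribe",
  "list-subscribe", "list-post", "list-owner", "list-archive",
];

// Unfold a raw header block and return lower-cased [name, value] pairs.
function parseHeaders(raw) {
  return raw.replace(/\r?\n[ \t]+/g, " ").split(/\r?\n/)
    .filter((line) => line.includes(":"))
    .map((line) => {
      const i = line.indexOf(":");
      return [line.slice(0, i).trim().toLowerCase(), line.slice(i + 1).trim()];
    });
}

// Field names listed in the h= tag of a DKIM-Signature value, duplicates kept.
function signedHeaderNames(sigValue) {
  for (const tag of sigValue.split(";")) {
    const i = tag.indexOf("=");
    if (i > 0 && tag.slice(0, i).trim() === "h") {
      return tag.slice(i + 1).split(":").map((n) => n.trim().toLowerCase());
    }
  }
  return [];
}

// Assumed modes: "relaxed" checks Subject only, "recommended" the whole list.
// A field occurring more often than it is listed in h= has unsigned instances.
function checkSignedHeaders(rawHeaders, mode = "recommended") {
  const headers = parseHeaders(rawHeaders);
  const sig = headers.find(([name]) => name === "dkim-signature");
  if (!sig) return { error: "no DKIM-Signature header", warnings: [] };
  const signed = signedHeaderNames(sig[1]);
  if (!signed.includes("from")) return { error: "From is not signed", warnings: [] };
  const present = headers.map(([name]) => name);
  const count = (list, name) => list.filter((n) => n === name).length;
  const wanted = mode === "relaxed" ? ["subject"] : RECOMMENDED;
  return { error: null, warnings: wanted.filter((n) => count(present, n) > count(signed, n)) };
}

// Constructed sample: Reply-To and Subject are present but missing from h=.
const SAMPLE = [
  "DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel; h=From:To:Date;",
  " bh=PLACEHOLDER; b=PLACEHOLDER", "From: alice@example.com",
  "To: bob@example.net", "Reply-To: alice@example.com", "Subject: Report",
].join("\r\n");
```

This only inspects which fields the signature claims to cover; it does not verify the signature itself.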
