deltachat / chatmail

chatmail service deployment scripts and docs
https://delta.chat/en/2023-12-13-chatmail
MIT License

DKIM-sign Content-Type and oversign all signed headers #296

Open link2xt opened 1 month ago

link2xt commented 1 month ago

Oversigning (including header name in DKIM-Signature more times than it appears in the mail) prevents adding more headers with the same name without invalidating DKIM signature.

We don't want middleboxes to insert a second From header, add a Cc field to mails that don't have one, etc.

link2xt commented 1 month ago

A test that checks that the From: header is oversigned, with a regexp or "assert ... in ...", should probably be possible.
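One way to write the check discussed in this thread, as an added example that is not part of the original comments or of chatmail's own test suite. The function names `signed_header_counts` and `not_oversigned` are hypothetical, the sample message and its placeholder signature values are constructed, and the check assumes it is enough to count every instance of a header in the message.

```python
import email
from collections import Counter

# Constructed sample: From/To/Subject are oversigned, Cc is listed although
# absent, and Content-Type is signed only as often as it appears.
SAMPLE = (
    "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.org;\n"
    "\ts=sel; h=From:From:To:To:Subject:Subject:Cc:Content-Type;\n"
    "\tbh=PLACEHOLDER=; b=PLACEHOLDER=\n"
    "From: alice@example.org\n"
    "To: bob@example.org\n"
    "Subject: hi\n"
    "Content-Type: text/plain\n"
    "\n"
    "body\n"
)


def signed_header_counts(dkim_value):
    """Count how often each header name is listed in the h= tag."""
    tags = {}
    for part in dkim_value.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            # Folding whitespace inside a tag value is not significant here.
            tags[name.strip()] = "".join(value.split())
    return Counter(h.lower() for h in tags.get("h", "").split(":") if h)


def not_oversigned(raw_message, required=()):
    """Return signed or required header names that are not oversigned."""
    msg = email.message_from_string(raw_message)
    sig = msg["DKIM-Signature"]
    if sig is None:
        raise ValueError("message has no DKIM-Signature header")
    signed = signed_header_counts(sig)
    present = Counter(k.lower() for k in msg.keys())
    names = set(signed) | {r.lower() for r in required}
    # Oversigned: listed in h= more often than the header occurs in the mail,
    # so one more instance of it would be covered by the signature and break it.
    return sorted(n for n in names if signed[n] <= present[n])


if __name__ == "__main__":
    print(not_oversigned(SAMPLE, required=("From", "Content-Type")))
```

An empty result means every signed and every required header is oversigned; here the sample reports Content-Type, which is signed once and present once.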