DKIM t=s key flag not supported

emersion / go-msgauth

🔏 A Go library and tools for DKIM, DMARC and Authentication-Results

MIT License

162 stars 51 forks source link

DKIM t=s key flag not supported #44

Open AGWA opened 3 years ago

AGWA commented 3 years ago

When s is in a key's flags list, then:

Any DKIM-Signature header fields using the "i=" tag MUST have the same domain value on the right-hand side of the "@" in the "i=" tag and the value of the "d=" tag. That is, the "i=" domain MUST NOT be a subdomain of "d=". Use of this flag is RECOMMENDED unless subdomaining is required.

(RFC 6376 Section 3.6.1)

Currently, go-msgauth's DKIM verifier unconditionally allows the i= domain to be a subdomain of d=.

emersion commented 3 years ago

Good catch. Patches welcome!

gowthamgts commented 2 years ago

issued a PR for this: #50