search

emersion / go-msgauth

🔏 A Go library and tools for DKIM, DMARC and Authentication-Results
MIT License
170 stars 52 forks source link

Make v tag validation optional for DKIM text records #62

Closed erolkskn closed 9 months ago

erolkskn commented 9 months ago

Hi,

Some of the providers doesn't include v tag on DKIM record as it wasn't specified as required in older versions of DKIM standard. It would be great if it was optional or fallback to DKIM1 if no v tag was specified on TXT record.

Here are some of the examples of DKIM records without v tag:

Sendgrid: 

dig s1._domainkey.sendgrid.com TXT

;; ANSWER SECTION:
s1._domainkey.sendgrid.com. 1800 IN CNAME   s1.domainkey.u298828.wl079.sendgrid.net.
s1.domainkey.u298828.wl079.sendgrid.net. 1800 IN TXT "k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2LaY8C3pdtdkSF6C+TTYw0bIKAHt70oFeM5IAHb0aLVY7mSWmjWmPHtV6MGbr4n35ABRKpobn40DJGLU7NmjaT54TDTLLsU2DjEFi+p6VQtHdqprrbFNXt5YmQmnYdsHQ0gSe/nyb6PwoX5q92HexVxfT4/etJ+WKnOf4rk2vZplVoeiaxT5Cxench8SzFLa9u1Ur" "JTdFHkWuVl3aR64Up2bOfR3u9uXjkvMXwX0NdjsZeF0GXi1fqUQXg8s7VriECC2TiioWcB0AWPJoGeNfgGO7O6Oj1mdLPQQJrxqzManJrKp43yS9cO+GVXCf92hPTb93nrAWQjehoRbS/rCrQIDAQAB"

GitLab:

dig mailo._domainkey.mg.gitlab.com TXT

;; ANSWER SECTION:
mailo._domainkey.mg.gitlab.com. 300 IN  TXT "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqxee1GPSB+mZgCWVbzP8T+YbV+rxnw+3vPIkylf/mvD3jHBH4Ac66B2wSFAz/mFv+ormOZUKzoHaFZdjIcXhpT91h+Lpl21TJKbKTZ/oiX4y5YXOatENLuZM/W+HEyqi9fbV51IOUG9er4kKw29tEQG+DEBtr882ygr7T2WcAFwIDAQAB"

Note: https://github.com/emersion/go-msgauth/blob/6610fd7f91288877b3982a4ac9647291e9d99b23/dkim/query.go#L91 This requirement is actually stated in RFC 6376 6.1.1 not in RFC 7489 6.6.3 as this RFC is about DMARC records not DKIM. https://datatracker.ietf.org/doc/html/rfc6376#section-6.1.1

emersion commented 9 months ago

Indeed, the RFC referenced is incorrect! Good catch.

(Ref b8ad33f365217742ff7ed5e38abb5afbb88944c7)

RFC 6376 section 6.1.1 actually is about the DKIM-Signature header field, not about the TXT record.

RFC 6376 section 3.6 explains that the v field is optional.

erolkskn commented 9 months ago

Indeed, the RFC referenced is incorrect! Good catch.

(Ref b8ad33f)

RFC 6376 section 6.1.1 actually is about the DKIM-Signature header field, not about the TXT record.

RFC 6376 section 3.6 explains that the v field is optional.

Oops I misread that section title. Thank you for implementing this :-)