Closed kiyocat123 closed 6 days ago
Mail::DKIM Ver 202401 and 202406 tested
I'm sorry. I found a point of misunderstanding and would like to correct it.
I mentioned that a space like "d= " would be inserted in the D tag when sent with a ccTLD. However, upon reviewing the original unencoded text, I found that it was not "d= domain name" but "d= newline tab domain name." This means that it is not related to whether it is a ccTLD or not, but that a long domain name causes a newline and a tab to be inserted after "d=." In other words, it was FWS rather than WSP as per RFC. Like WSP, FWS is also prohibited at the start and end of tag values.
From my reading of rfc6376 this is valid. FWS is allowed around the tag-value, and within the tag-value, but not at the beginning or end of the tag-value.
Formally, the ABNF syntax rules are as follows:
```
tag-list  =  tag-spec *( ";" tag-spec ) [ ";" ]
tag-spec  =  [FWS] tag-name [FWS] "=" [FWS] tag-value [FWS]
tag-name  =  ALPHA *ALNUMPUNC
tag-value =  [ tval *( 1*(WSP / FWS) tval ) ]
                  ; Prohibits WSP and FWS at beginning and end
tval      =  1*VALCHAR
VALCHAR   =  %x21-3A / %x3C-7E
                  ; EXCLAMATION to TILDE except SEMICOLON
ALNUMPUNC =  ALPHA / DIGIT / "_"
```
Note that WSP is allowed anywhere around tags. In particular, any
WSP after the "=" and any WSP before the terminating ";" is not part
of the value; however, WSP inside the value is significant.
and later specifically detailing the d= tag
```
sig-d-tag   = %x64 [FWS] "=" [FWS] domain-name
domain-name = sub-domain 1*("." sub-domain)
              ; from [[RFC5321](https://datatracker.ietf.org/doc/html/rfc5321)] Domain,
              ; excluding address-literal
```
Thanks a lot, Marc Bradshaw. I understand, [FWS] means "invisible" around the tag-value (d tag).
The outgoing headers from the hogehoge-kk.com domain are `DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hogehoge-kk.com;`, which is sent correctly, but the outgoing headers from the hogehoge-kk.co.jp domain are `DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= hogehoge-kk.co.jp;`, which has one extra space after "d=".
If extra spaces are added to the d tag, some MTAs, such as outlook.com, may receive a DKIM fail decision.
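
As an added illustration (not part of the thread and not Mail::DKIM code), the following Python sketch parses a DKIM-Signature field body according to the ABNF quoted above, discarding the optional FWS around each tag name and value before the `d=` domain is read. The function names are hypothetical, the two inputs are constructed from the headers quoted in this thread, and CRLF is assumed for the "newline" in "newline tab".

```python
import re

WS = " \t\r\n"
TAG_NAME = re.compile(r"[A-Za-z][A-Za-z0-9_]*")
# tag-value: tval runs separated by WSP/FWS, none at the beginning or end
TAG_VALUE = re.compile(r"(?:[\x21-\x3A\x3C-\x7E]+(?:[ \t\r\n]+[\x21-\x3A\x3C-\x7E]+)*)?")
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?"
DOMAIN = re.compile(rf"{LABEL}(?:\.{LABEL})+")


def parse_tag_list(field_body):
    """Parse a DKIM-Signature field body (without the final CRLF) into {tag: value}."""
    # A line break counts as FWS only when whitespace follows it.
    if re.search(r"\r?\n(?![ \t])", field_body):
        raise ValueError("line break not followed by WSP is not FWS")
    specs = field_body.split(";")
    if specs[-1].strip(WS) == "":
        specs.pop()  # optional trailing ";"
    tags = {}
    for spec in specs:
        name, eq, value = spec.partition("=")  # "=" may also occur inside the value
        # [FWS] around tag-name and tag-value is not part of either
        name, value = name.strip(WS), value.strip(WS)
        if not eq or not TAG_NAME.fullmatch(name):
            raise ValueError(f"bad tag-spec: {spec!r}")
        if not TAG_VALUE.fullmatch(value):
            raise ValueError(f"bad value for tag {name!r}")
        if name in tags:
            raise ValueError(f"duplicate tag {name!r}")
        tags[name] = value
    return tags


def signing_domain(field_body):
    """Return the d= domain, lower-cased, after surrounding FWS has been removed."""
    d = parse_tag_list(field_body)["d"]
    if not DOMAIN.fullmatch(d):
        raise ValueError(f"d= is not a domain-name: {d!r}")
    return d.lower()


# Constructed inputs built from the two headers quoted in the thread.
PLAIN = "v=1; a=rsa-sha256; c=relaxed/relaxed; d=hogehoge-kk.com;"
FOLDED = "v=1; a=rsa-sha256; c=relaxed/relaxed; d=\r\n\thogehoge-kk.co.jp;"

if __name__ == "__main__":
    for body in (PLAIN, FOLDED):
        print(repr(signing_domain(body)))
```

This covers tag-list parsing only; canonicalization and signature verification are separate steps.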