Parse Outlook's ARHs

[kiwixz]

Hi, in https://github.com/lieser/dkim_verifier/issues/300#issuecomment-1428735628 you suggest to open an issue to track this.

I'd be nice if the extension could parse (and trust) Authentication-Results header from Outlook. I did enable the "try non RFC compliant" option before reporting this.

Below are few samples of headers and their error:

Authentication-Results: spf=pass (sender IP is 199.16.156.157)
 smtp.mailfrom=bounce.x.com; dkim=pass (signature was verified)
 header.d=x.com;dmarc=pass action=none header.from=x.com;compauth=pass
 reason=100

18:12:46.515 DKIM_Verifier.AuthVerifier ERROR    Ignoring error in parsing of ARH DKIM_Error: Parsing error
    match moz-extension://67e4b14e-52c2-4c9a-9c7c-b8b4f02a4720/modules/arhParser.mjs.js:354
    parse moz-extension://67e4b14e-52c2-4c9a-9c7c-b8b4f02a4720/modules/arhParser.mjs.js:137
    getARHResult moz-extension://67e4b14e-52c2-4c9a-9c7c-b8b4f02a4720/modules/authVerifier.mjs.js:265
    verify moz-extension://67e4b14e-52c2-4c9a-9c7c-b8b4f02a4720/modules/authVerifier.mjs.js:177
    verifyMessage moz-extension://67e4b14e-52c2-4c9a-9c7c-b8b4f02a4720/content/background.mjs.js:82
    <anonymous> moz-extension://67e4b14e-52c2-4c9a-9c7c-b8b4f02a4720/content/background.mjs.js:188
authVerifier.mjs.js:267:8
    getARHResult moz-extension://67e4b14e-52c2-4c9a-9c7c-b8b4f02a4720/modules/authVerifier.mjs.js:267
    verify moz-extension://67e4b14e-52c2-4c9a-9c7c-b8b4f02a4720/modules/authVerifier.mjs.js:177
    verifyMessage moz-extension://67e4b14e-52c2-4c9a-9c7c-b8b4f02a4720/content/background.mjs.js:82
    <anonymous> moz-extension://67e4b14e-52c2-4c9a-9c7c-b8b4f02a4720/content/background.mjs.js:188

Authentication-Results: spf=pass (sender IP is 192.30.252.204)
 smtp.mailfrom=github.com; dkim=pass (signature was verified)
 header.d=github.com;dmarc=pass action=none
 header.from=github.com;compauth=pass reason=100

18:13:56.602 DKIM_Verifier.AuthVerifier ERROR    Ignoring error in parsing of ARH DKIM_Error: Parsing error
    match moz-extension://67e4b14e-52c2-4c9a-9c7c-b8b4f02a4720/modules/arhParser.mjs.js:354
    parse moz-extension://67e4b14e-52c2-4c9a-9c7c-b8b4f02a4720/modules/arhParser.mjs.js:137
    getARHResult moz-extension://67e4b14e-52c2-4c9a-9c7c-b8b4f02a4720/modules/authVerifier.mjs.js:265
    verify moz-extension://67e4b14e-52c2-4c9a-9c7c-b8b4f02a4720/modules/authVerifier.mjs.js:177
    verifyMessage moz-extension://67e4b14e-52c2-4c9a-9c7c-b8b4f02a4720/content/background.mjs.js:82
    <anonymous> moz-extension://67e4b14e-52c2-4c9a-9c7c-b8b4f02a4720/content/background.mjs.js:188
authVerifier.mjs.js:267:8
    getARHResult moz-extension://67e4b14e-52c2-4c9a-9c7c-b8b4f02a4720/modules/authVerifier.mjs.js:267
    verify moz-extension://67e4b14e-52c2-4c9a-9c7c-b8b4f02a4720/modules/authVerifier.mjs.js:177
    verifyMessage moz-extension://67e4b14e-52c2-4c9a-9c7c-b8b4f02a4720/content/background.mjs.js:82
    <anonymous> moz-extension://67e4b14e-52c2-4c9a-9c7c-b8b4f02a4720/content/background.mjs.js:188

[lieser]

Thanks for extracting this feature request from the liked issue, let's see how many up votes this will get.

Sadly my first attempt at reporting this to Microsoft in the hope they will improve compatibility with the RFC failed miserably, did not get over the first level support (https://answers.microsoft.com/en-us/outlook_com/forum/all/authentication-results-header-written-by-outlook/890b304c-3c81-48b6-b065-36fad3b551e4).

[bp2008]

I found that microsoft support thread before I looked here @lieser, that was good for a laugh! A typical support experience indeed.

Just throwing in my vote for outlook compatibility. While there is certainly some merit to applying pressure to Microsoft to comply with the relevant standards, it is the users who suffer in the intervening years.

[GlenWi]

That's a very sad example of the ineffective support form Microsoft. Sadly it's typical, at lest the advice didn't include re-installing windows! I would very much like a solution as I have several accounts (7) in Thunderbird using your verifier perfectly and one that doesn't, outlook.com. Currently I have to completely disable it for the Microsoft email account. Thank you for working on this.

[lieser]

@GlenWi It would be nice if you (and anyone else who wants this) could add a 👍 vote to the top post, that is the easiest way for me to track how often this is requested.

[GlenWi]

Thanks Phillipe, I've done that now!

[mjdl]

I just added my thumbs-up to this issue's top post, but I want to emphasize that lieser's orginal assessment that Microsoft's RFC non-conformance in regard to the absence of a proper DKIM authentication server id is really blocking the outlook on fixing this problem (pun intended!), since ignoring that fault weakens the overall credibility of the DKIM checks performed by the extension.

(And--not to venture too far in arguments--this Microsoft non-conformance is just typical of the Internet's commercial overlords' insistence that the Internet should follow their locked-in standards! Enough said...)