lieser
commented
7 years ago Yes, this would definitely be a nice addition for the add-on. Unfortunately my time is rather limited at the moment, so don't expect it any time soon.
Open ghost opened 7 years ago
lieser
commented
7 years ago Yes, this would definitely be a nice addition for the add-on. Unfortunately my time is rather limited at the moment, so don't expect it any time soon.
ghost
commented
7 years ago Thanks! I understand. At least I have made this feature came into your "radar" in the sense that at least I think it would be useful :) Great work anyways!
wioxjk
commented
6 years ago As @pimlie wrote, it checking for " arc=fail (signature failed);" is enough https://github.com/pimlie/authres_status/issues/27
lieser
commented
6 years ago This issue was more about verifying ARC locally (ARC-Message-Signature, ARC-Seal), not about getting the ARC status from the Authentication-Results.
As I didn't yet know about the possibly added arc=[pass|fail|policy] to Authentication-Results, I had a quick look at the draft today. My conclusion so far is that adding a check for it would not bring much useful information to a user.
That I did see in the draft is, that if ARC passes, the verifier seems to add a dkim=pass with header.i=@<domain of last arc signer> to the Authentication-Results. As reading of the Authentication-Results is optionally supported by the add-on, it can already show this information.
See the example B.2.3. Example 2: Message received by Recipient from the RFC (download ARC - B.2.3. Example 2 - Message received by Recipient.txt, rename it to .eml, enable ARH reading in the add-on and open the .eml file with Thunderbird)
cedricgannet
commented
4 years ago Just added DKIM Verifier V3.0.1 to Thunderbird V68.2.2 (64-bit) on latest Linux Mint. I received a message without DKIM but the add-on showed the following:
The email was:
Your RS order confirmation - No20-Stock.txt
It looks like the add-on is identifying different types of key and treating them as DKIM keys. I had a similar problem with one using ARC. It would be good to have ARC and similar systems implemented, but until you have, ignore anything that's not specifically identified as DKIM.
Am I missing something?
lieser
commented
4 years ago @cedricgannet
As far as I can tell the error you see has nothing to do with ARC. You have either the DMARC heuristic enabled, or a custom sign rule saying saying that RS-Components.com should be signed (e.g. by the option to automatically add them).
See the following for more info:
If you still have problems, please create a separate issue for it.
I know this is DKIM verifier (that also verifies SPF and DMARC), but there is a new specification to try to solve some of the problems of DKIM called: ARC ( http://arc-spec.org ). At least AOL and GMail already validate ARC headers.
I hope in the future dkim_verifier also verifies the ARC header, that at least gmail that I use is using... if it isn't already.