the-djmaze / snappymail

Simple, modern & fast web-based email client
https://snappymail.eu
GNU Affero General Public License v3.0

'Selectors' aren't supported in BIMI #1394

Closed yasuhirokimura closed 7 months ago

yasuhirokimura commented 7 months ago

In section 4.3 of draft-brand-indicators-for-message-identification, selectors are defined as follows.

To support publishing and display of more than one distinct Brand Indicator per domain, the brand Indicator namespace is subdivided for publishing of multiple Assertion Records using "selectors". Selectors allow the Domain Owner to choose the brand Indicator, for example, by type of recipient, by message source, or by other considerations like seasonal branding. BIMI selectors are modeled after DKIM selectors (https://tools.ietf.org/html/rfc6376#section-3.1).

The selector "default" is the default Assertion Record. Domain Owners can specify which other selector to use on a per-message basis by utilizing the BIMI-Selector Header (#bimi-selector).

Periods are allowed in selectors and are component separators. When BIMI Assertion Records are retrieved from the DNS, periods in selectors define DNS label boundaries in a manner similar to the conventional use in domain names. In a DNS implementation, this can be used to allow delegation of a portion of the selector namespace.

ABNF:

    selector = sub-domain *( "." sub-domain )
               ; from [SMTP] Domain,
               ; excluding address-literal

The number of selectors for each domain is determined by the Domain Owner. Many Domain Owners will be satisfied with just one selector, whereas organizations with more complex branding requirements can choose to manage disparate selectors. BIMI sets no maximum limit on the number of selectors.

And the BIMI-Selector header is defined in section 5.1 as follows.

BIMI DNS records are placed in `<selector>._bimi.<domain>`, and by default they are placed in `default._bimi.<domain>`. That is, for example.com, the default Assertion Record is located in the DNS at default._bimi.example.com. However, a Domain Owner may override the use of the default selector and specify the use of an alternative using the RFC5322-compliant header 'BIMI-Selector'. The BIMI-Selector header consists of key value pairs:

v= Version (plain-text; REQUIRED). The version of BIMI. It MUST have the value of "BIMI1" for implementations compliant with this version of BIMI. The value of this tag MUST match precisely; if it does not or it is absent, the entire retrieved record MUST be ignored. It MUST be the first tag in the list.

ABNF:

bimi-header-version = "v" WSP "=" WSP "BIMI" 1DIGIT

s= Selector (plain-text; REQUIRED). The location of the BIMI DNS record, when combined with the RFC5322.From domain.

ABNF:

bimi-selector = "s" WSP "=" WSP selector

And the formal definition of the BIMI Selector Header, using ABNF, is as follows:

bimi-selector-header = bimi-header-version bimi-sep bimi-selector [bimi-sep]

So if a message includes the following headers,

From: someone@example.com
BIMI-Selector: v=BIMI1; s=foo;

then the TXT record of foo._bimi.example.com should be used as the BIMI DNS record.

A real example of such messages is the one from Instagram. If a user logs in to Instagram, he receives a message reporting the new login. And it includes the following headers.

From: "Instagram" <security@mail.instagram.com>
BIMI-Selector: v=BIMI1; s=fb2021q2v1;

So fb2021q2v1._bimi.mail.instagram.com should be used in this case.

But there are the following comments at lines 7-10 of snappymail/v/0.0.0/app/libraries/snappymail/dns.php.

        /**
         * $domain = 'bimigroup.org'
         * Then a TXT lookup is done on 'default._bimi.bimigroup.org'
         */

And the avatar image isn't displayed when I open the message from Instagram.

So SnappyMail doesn't seem to support selectors.
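Added example, not part of the issue thread and not SnappyMail's code: a sketch of the selector lookup described above, which parses `BIMI-Selector` per the quoted ABNF and builds the DNS name to query. The selector comes from an untrusted message header, so it is validated as a sequence of DNS labels before it is used in a query name. The function names, the fallback to `default` on a malformed header, and the sample messages (constructed from the headers quoted above) are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# sub-domain = Let-dig [Ldh-str] (RFC 5321), capped at the 63-octet DNS label limit
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_NAME = re.compile(rf"{_LABEL}(?:\.{_LABEL})*")
# bimi-selector-header = bimi-header-version bimi-sep bimi-selector [bimi-sep]
_HEADER = re.compile(r"\s*v\s*=\s*BIMI1\s*;\s*s\s*=\s*([^;\s]+)\s*;?\s*")


def bimi_selector(header_value):
    """Return the selector named by a BIMI-Selector value, else 'default'."""
    if header_value is None:
        return "default"
    m = _HEADER.fullmatch(header_value)
    if m and _NAME.fullmatch(m.group(1)):
        return m.group(1)
    # Assumption: a malformed header is ignored rather than treated as fatal.
    return "default"


def bimi_query_name(raw_message):
    """Return '<selector>._bimi.<domain>' for a raw message, or None."""
    msg = message_from_string(raw_message)
    _, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    # Only plain LDH domains are handled in this sketch (no IDN conversion).
    if not domain or not _NAME.fullmatch(domain):
        return None
    name = f"{bimi_selector(msg.get('BIMI-Selector'))}._bimi.{domain}"
    return name if len(name) <= 253 else None


# Constructed sample messages using the headers quoted in the issue.
SAMPLE_FOO = "From: someone@example.com\nBIMI-Selector: v=BIMI1; s=foo;\n\nhi\n"
SAMPLE_IG = ('From: "Instagram" <security@mail.instagram.com>\n'
             "BIMI-Selector: v=BIMI1; s=fb2021q2v1;\n\nhi\n")
SAMPLE_NONE = "From: someone@example.com\n\nhi\n"

if __name__ == "__main__":
    for sample in (SAMPLE_FOO, SAMPLE_IG, SAMPLE_NONE):
        print(bimi_query_name(sample))
```
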

yasuhirokimura commented 7 months ago

Environment

Browser

Server 1

Server 2

the-djmaze commented 7 months ago

This will only work with the upcoming release (v2.33)

randolf commented 6 months ago

> This will only work with the upcoming release (v2.33)

Now that I've upgraded to SnappyMail v2.33, what do I need to do to configure this to work? (Thanks.)