You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I've been part of multiple discussions now on the client-side to evaluate AuthenticationResults headers. This may be desirable for mail accounts where the SMTP server fully rejecting any DKIM failed mail or always moving it to spam is impractical, e.g. due to the many misconfigured mailing lists.
It seems this can become way more complicated with spoofed AuthenticationResults headers, if the own target MTA only sporadically inserts unspoofed ones.
I've been part of multiple discussions now on the client-side to evaluate AuthenticationResults headers. This may be desirable for mail accounts where the SMTP server fully rejecting any DKIM failed mail or always moving it to spam is impractical, e.g. due to the many misconfigured mailing lists.
It seems this can become way more complicated with spoofed AuthenticationResults headers, if the own target MTA only sporadically inserts unspoofed ones.
See: https://bugzilla.mozilla.org/show_bug.cgi?id=265226 or this comment lieser/dkim_verifier#465 (comment)
Most providers I've tested only sporadically insert AuthenticationResults, and I suspect it might be because they run OpenDKIM with default settings.
Therefore, I wonder if the AlwaysAddARHeader default should be changed.
Of course I realize this is a huge change and I might be missing something here anyway.
The text was updated successfully, but these errors were encountered: