~sircmpwn/sr.ht-discuss

2 2

3rd party signing domain for DKIM

Details
Message ID
<87czoid0m3.wl-valdemar@erk.dev>
DKIM signature
missing
Download raw message
Hello,

I have observed that on lists.sr.ht the site will report DKIM as
missing if it is only signed with a 3rd party signature. 3rd party
signature is if the `header.d` field in `Authentication-Results` has a
different host part compared to the email address in the `From`
header.

This is allowed rfc5863, [0] but as it also says in it the value of
such 3rd party domains is often heavily debated. A example of when 3rd
party domains is used is if you are sending a mail from google and you
have not set up DKIM for your domain Google will sign it with the
domain <host>.<numbers>.gappssmtp.com, [1] where host is the host part
of the from email and numbers are some date.

It can be discussed if it should be show in a different way compared
to e-mails with 1st party DKIM set up properly, but I think it is
worth to show in some way.

[0]: https://datatracker.ietf.org/doc/html/rfc5863#section-6.3
[1]: https://support.google.com/a/answer/174124?hl=en

--

Valdemar Erk
Details
Message ID
<CES6LYONYMRB.1LXKQSACNMC2D@taiga>
In-Reply-To
<87czoid0m3.wl-valdemar@erk.dev> (view parent)
DKIM signature
missing
Download raw message
Thanks for clarifying the request. I don't think that this kind of
signature is appropriate for us to trust.
Details
Message ID
<RXQGLFBdRihd6DJzJsjjNiAlqKQgoOeWVCoKaA4-v4PGEf5HteKP483XyQUxifoBxSkYeXz7RKtEbIrGuBjOTAUtvrjTBYiemKXr-P7UqRs=@emersion.fr>
In-Reply-To
<87czoid0m3.wl-valdemar@erk.dev> (view parent)
DKIM signature
missing
Download raw message
Yeah, I don't think it's worth displaying. Users can always look at the raw
Authentication-Results header fields if they want to.
Reply to thread Export thread (mbox)