<DKIM> Emails might go to GMail's SPAM folder
Raphaël
raphael.droz at gmail.com
Tue Feb 2 01:03:23 GMT 2016
On Mon, Feb 01, 2016 at 09:47:25PM -0300, Raphaël wrote:
> Laposte.net should probably avoid "b=" and "bh=" DKIM fields which are
> unsuitable for mailing-list consumption where email body (esp. footer)
> modifications are to be expected. Checking a couple of headers seems an
> acceptable trade-off.
Even better, using the DKIM l=<N> field to limit signature scope to the
first <N> bytes of the message's body [1].
With N being the length of the body, it would pass DMarc test since
mailing-list robots usually only append message.
[and an attacker would be given append-only modification permissions]
This options deals exactly with mailing-lists robots as shown by the
documentation of OpenDKIM [2] which provide the BodyLengthDB option for
this purpose.
[1] https://www.ietf.org/rfc/rfc6376.txt (sect 3.5)
[2] http://www.opendkim.org/opendkim.conf.5.html
More information about the OfflineIMAP-project
mailing list