Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make v tag validation optional for DKIM text records #62

Closed
erolkskn opened this issue Jan 4, 2024 · 2 comments
Closed

Make v tag validation optional for DKIM text records #62

erolkskn opened this issue Jan 4, 2024 · 2 comments

Comments

@erolkskn
Copy link

erolkskn commented Jan 4, 2024
edited
Loading

Hi,

Some of the providers doesn't include v tag on DKIM record as it wasn't specified as required in older versions of DKIM standard. It would be great if it was optional or fallback to DKIM1 if no v tag was specified on TXT record.

Here are some of the examples of DKIM records without v tag:

Sendgrid:

dig s1._domainkey.sendgrid.com TXT

;; ANSWER SECTION:
s1._domainkey.sendgrid.com. 1800 IN	CNAME	s1.domainkey.u298828.wl079.sendgrid.net.
s1.domainkey.u298828.wl079.sendgrid.net. 1800 IN TXT "k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2LaY8C3pdtdkSF6C+TTYw0bIKAHt70oFeM5IAHb0aLVY7mSWmjWmPHtV6MGbr4n35ABRKpobn40DJGLU7NmjaT54TDTLLsU2DjEFi+p6VQtHdqprrbFNXt5YmQmnYdsHQ0gSe/nyb6PwoX5q92HexVxfT4/etJ+WKnOf4rk2vZplVoeiaxT5Cxench8SzFLa9u1Ur" "JTdFHkWuVl3aR64Up2bOfR3u9uXjkvMXwX0NdjsZeF0GXi1fqUQXg8s7VriECC2TiioWcB0AWPJoGeNfgGO7O6Oj1mdLPQQJrxqzManJrKp43yS9cO+GVXCf92hPTb93nrAWQjehoRbS/rCrQIDAQAB"

GitLab:

dig mailo._domainkey.mg.gitlab.com TXT

;; ANSWER SECTION:
mailo._domainkey.mg.gitlab.com.	300 IN	TXT	"k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqxee1GPSB+mZgCWVbzP8T+YbV+rxnw+3vPIkylf/mvD3jHBH4Ac66B2wSFAz/mFv+ormOZUKzoHaFZdjIcXhpT91h+Lpl21TJKbKTZ/oiX4y5YXOatENLuZM/W+HEyqi9fbV51IOUG9er4kKw29tEQG+DEBtr882ygr7T2WcAFwIDAQAB"

Note:

go-msgauth/dkim/query.go

Line 91 in 6610fd7

// RFC 7489 section 6.6.3 says records not starting with "v=" should be

This requirement is actually stated in RFC 6376 6.1.1 not in RFC 7489 6.6.3 as this RFC is about DMARC records not DKIM.
https://datatracker.ietf.org/doc/html/rfc6376#section-6.1.1
@emersion emersion mentioned this issue Jan 5, 2024
Closed
@emersion
Copy link
Owner

emersion commented Jan 5, 2024

Indeed, the RFC referenced is incorrect! Good catch.

(Ref b8ad33f)

RFC 6376 section 6.1.1 actually is about the DKIM-Signature header field, not about the TXT record.

RFC 6376 section 3.6 explains that the v field is optional.

@erolkskn
Copy link
Author

erolkskn commented Jan 5, 2024

Indeed, the RFC referenced is incorrect! Good catch.

(Ref b8ad33f)

RFC 6376 section 6.1.1 actually is about the DKIM-Signature header field, not about the TXT record.

RFC 6376 section 3.6 explains that the v field is optional.

Oops I misread that section title. Thank you for implementing this :-)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@emersion @erolkskn