Feature: Expand support for Authentication-Results #473

@namelessmasses

Background

Many email providers are adding "anonymous" or "random" address features, e.g. Apple's "Hide My Email", Fastmail's "Masked Email", etc. With no standardized process for authorization verification, some providers leave the signature there (Fastmail "Masked Email"). Other providers verify the signature, include their results, and remove the signature (Apple "Hide My Email").

DKIM header field displays verifier

When displaying the parsed Authentication-Results in the DKIM header row, DKIM header fields include the server noted as having verified the authentication.

For the following example,

Authentication-Results: dkim-verifier.icloud.com;
	dkim=pass (1024-bit key) header.d=costalerts.amazonaws.com header.i=@costalerts.amazonaws.com header.b=uaPCyL0A

the DKIM bar might display the fully accessible option

DKIM: Valid (Signed by costalerts.amazonaws.com; Verified by dkim-verifier.icloud.com)

and provide an option to move the verification to a tooltip since not all users have easy access to a mouse to hover for tooltips.

For local verification, the DKIM bar might display

DKIM: ; Verified locally by "DKIM Verifier"

Risk Analysis

No risks perceived at this time.

Allow DKIM "success" for trusted verification servers

If no DKIM signature is available, and all DKIM Authentication-Results are from trusted authentication servers, and all DKIM Authentication-Results pass, then allow the DKIM success with an indication that the success is based on "trusted" authenticators.

Risk Analysis

  • Relies on explicit trust of the creator of the Authentication-Results headers, and that they have not been forged.
    • dkim_verifier already implies a certain level of trust in these headers when the user opts to display them in the DKIM header row. While this is not an explicit trust as it simply displays what's in the headers, it can begin to create implicit trust as the user sees these more often.
    • Ensuring the UX clearly indicates the basis of the final result can help to mitigate this risk.
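
The rule proposed in the issue, sketched as an added example; this is not part of the original issue and not dkim_verifier's own code. The function names, status strings, the trusted-server set and the `mx.untrusted.example` header are assumptions made for illustration, and the parser covers only a subset of RFC 8601.

```javascript
// Added example: simplified Authentication-Results parsing (subset of RFC 8601).
// Assumption: no quoted strings or nested comments in the header value.
function parseAuthResults(value) {
  const [authserv, ...resinfos] = value.replace(/\([^()]*\)/g, " ").split(";");
  const authservId = authserv.trim().split(/\s+/)[0].toLowerCase();
  const results = [];
  for (const info of resinfos) {
    const [first = "", ...rest] = info.trim().split(/\s+/);
    const m = /^([a-z0-9-]+)=([a-z]+)$/i.exec(first);
    if (!m) continue; // "none" or a malformed resinfo
    const props = {};
    for (const t of rest) {
      const eq = t.indexOf("=");
      if (eq > 0) props[t.slice(0, eq).toLowerCase()] = t.slice(eq + 1);
    }
    results.push({ authservId, method: m[1].toLowerCase(), result: m[2].toLowerCase(), props });
  }
  return results;
}

// Hypothetical policy function implementing the rule proposed in the issue.
// trustedServers: Set of authserv-ids the user has explicitly trusted.
function evaluateDkim(arValues, trustedServers, hasSignature) {
  if (hasSignature) return { status: "verify-locally" };
  const dkim = arValues.flatMap(parseAuthResults).filter(r => r.method === "dkim");
  if (dkim.length === 0) return { status: "no-result" };
  if (!dkim.every(r => trustedServers.has(r.authservId))) return { status: "untrusted-verifier" };
  if (!dkim.every(r => r.result === "pass")) return { status: "not-all-pass" };
  const signers = [...new Set(dkim.map(r => r.props["header.d"] || "unknown"))];
  const verifiers = [...new Set(dkim.map(r => r.authservId))];
  return {
    status: "trusted-pass",
    label: `DKIM: Valid (Signed by ${signers.join(", ")}; Verified by ${verifiers.join(", ")})`,
  };
}

// Header value taken from the issue's example.
const icloud = "dkim-verifier.icloud.com;\r\n\tdkim=pass (1024-bit key) " +
  "header.d=costalerts.amazonaws.com header.i=@costalerts.amazonaws.com header.b=uaPCyL0A";
// Constructed value: a result claimed by a server the user has not trusted.
const other = "mx.untrusted.example; dkim=pass header.d=costalerts.amazonaws.com";
const trusted = new Set(["dkim-verifier.icloud.com"]);

console.log(evaluateDkim([icloud], trusted, false).label);
console.log(evaluateDkim([icloud, other], trusted, false).status);
```

The outcome is only as reliable as the receiving provider's removal of inbound Authentication-Results headers that claim its own authserv-id (RFC 8601, section 5), which is the forgery risk named in the risk analysis above.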
