ARC-Authentication-Results is already in the development pipeline.

ARC-Authentication-Results is still experimental (IETF Draft). It is used 
by Google and AOL (and a few others) in beta state.
The concept looks nice and will (IMHO) work. But there are two problems 
with the ARC chains:

1. the MIME-header may become very long - possibly too long for some MTx
2. because there is no limit for the number of ARC instances in an ARC 
chain, ARC is subject to be abused by attackers to initiate a DDoS

The implementation of the ARC-signature check and the ASSP-ARC-signing 
seems not to be very complex, because ARC is supported in production mode 
by Mail::DKIM version 0.50.
But, the still existing assp checks for DKIM, SPF and DMARC are not 
designed to have a valid result before they are called.


Up to the end of this year, the ARC-Authentication-Results feature should 
be implemented in assp (check and signing) - if the global rulers keep 
working on this.

Thomas
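
A structural pre-check for the two ARC concerns raised above (total header size and an unbounded number of instances), run before any signature is verified. This is an added example, not code from assp or Mail::DKIM; the cap of 10 instances, the 16 KiB budget and the names arc_precheck and sample_arc_message are assumptions.

```python
import re
from collections import Counter
from email import message_from_string

ARC_FIELDS = ("ARC-Seal", "ARC-Message-Signature", "ARC-Authentication-Results")
MAX_INSTANCES = 10          # assumed local policy cap, not a value from the thread
MAX_ARC_BYTES = 16 * 1024   # assumed budget for all ARC header fields together

# i= must be a top-level tag; "header.i=" inside the results must not match.
INSTANCE_TAG = re.compile(r"(?:^|;)\s*i\s*=\s*(\d{1,4})\s*(?:;|$)")


def arc_precheck(raw, max_instances=MAX_INSTANCES, max_bytes=MAX_ARC_BYTES):
    """Return (verdict, reason). Structural check only, no signature is verified."""
    msg = message_from_string(raw)
    sets, total = {}, 0
    for field in ARC_FIELDS:
        for value in msg.get_all(field, []):
            total += len(field) + 2 + len(value)
            if total > max_bytes:
                return "reject", "ARC header fields exceed the size budget"
            tag = INSTANCE_TAG.search(value)
            if tag is None:
                return "fail", f"{field} has no usable i= tag"
            i = int(tag.group(1))
            if not 1 <= i <= max_instances:
                return "reject", f"instance {i} is outside 1..{max_instances}"
            sets.setdefault(i, Counter())[field] += 1
    if not sets:
        return "none", "message carries no ARC set"
    for i in range(1, max(sets) + 1):   # instances must be contiguous from 1
        if any(sets.get(i, Counter())[f] != 1 for f in ARC_FIELDS):
            return "fail", f"ARC set {i} is missing or has a duplicated field"
    return "ok", f"{max(sets)} well-formed ARC set(s)"


def sample_arc_message(n):
    """Constructed message with n ARC sets; all signature data is placeholder."""
    lines = []
    for i in range(n, 0, -1):
        lines += [
            f"ARC-Seal: i={i}; a=rsa-sha256; d=forwarder.example;\n s=sel; b=PLACEHOLDER",
            f"ARC-Message-Signature: i={i}; d=forwarder.example;\n h=from:subject; b=PLACEHOLDER",
            f"ARC-Authentication-Results: i={i}; mx.forwarder.example;\n"
            " dkim=pass header.i=@sender.example; spf=pass",
        ]
    return "\n".join(lines + ["From: user@sender.example", "Subject: test", "", "body"])
```

A message that returns "reject" never reaches the signature checks, so the cost of handling an oversized chain stays bounded by the header scan.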




From:    "K Post" <nntp.p...@gmail.com>
To:      "ASSP development mailing list" <assp-test@lists.sourceforge.net>
Date:    05.04.2018 03:29
Subject: Re: [Assp-test] fixes in assp 2.6.2 *Fortress* build 18094



Looks like this will be another great release.  Thank you.

Notes / thoughts:
 
1) I'm really happy to see the addition of  trustedAuthForwarders too.  
With so many users getting mailing list email, this will be a big help for 
those lists that support this.   

Do you think you could do something similar for ARC? 
(http://arc-spec.org/)

Example of Google's version of X-Original-Authentication-Results, using 
ARC instead.  This is from a message that was sent from ourcharity.org to 
a gmail account that was then forwarded back to us.

ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@OurCharity.org header.s=assp-01 header.b=u0J16ajA;
       spf=pass (google.com: domain of m...@ourcharity.org designates a.b.c.d as permitted sender) smtp.mailfrom=m...@ourcharity.org;
       dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=OurCharity.org

There's an ARC-Seal and ARC-Message-Signature which looks a lot like 
DKIM.  Google also has a plain Authentication-Results: line (without the 
ARC prefix), but they do NOT DKIM sign the forwarded message (though they 
do have their non-standard X-Google-DKIM-Signature line)

So far I've only seen this with Google, but they're a major enough player 
that I think this justifies some consideration.  I bet others will follow:

From the ARC website:
If you are a mailbox provider or intermediary (mailing list operator, 
message forwarder), you should be planning your ARC implementation now 
(first half of 2018). Google has added ARC verification and sealing to 
their email services (Gmail, G Suite, and Google Groups). Several other 
companies will incorporate ARC into their products and services in the 
first half 2018.

2) Nitpicky, at your convenience you might consider changing "privat" to 
"private" (with the e on the end for correct English spelling). 


Thanks for several major advancements in DKIM related functionality in the 
last couple of weeks.  Every little bit makes it harder for spammers and 
fraudsters.




On Wed, Apr 4, 2018 at 4:55 AM, Thomas Eckardt <thomas.ecka...@thockar.com> wrote:
Hi all, 

fixed in assp 2.6.2 *Fortress* build 18094: 

- the scheduled blockreport design was still broken, if no blocked mail 
was found 

- if a very short time range (eg. less than 5 minutes) was defined for a 
statistic graph, a "modulus by 0" exception caused a mainthread crash 


added: 

'trustedAuthForwarders','X-Original-Authentication-Results Trusted 
Forwarder*' 
 If an email contains a valid DKIM signature and the signature protects 
the "X-Original-Authentication-Results" header line in its h= tag 
(RFC7601) and the host in this header line matches 
 this regular expression, DMARC will fully trust the provided original 
authentication results for SPF and DKIM. 
 For example:  mx\d*\.domain\.com or ^2\.2\.2\.2$' 


changed: 

- images\svg.js (images.zip) is updated to version 1.04 - the click on a 
statistical graph now shows also the date (not only the time) 

- for whitelist modifications and reports using the email-interface, the 
'WhitelistPrivacyLevel' states (global,domain,privat) are shown in addition 
to prevent confusion 

- if hash data are shown in the GUI-Edit dialog, a sort (up/down ward) 
option is available 
  

Thomas



DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally 
privileged and protected in law and are intended solely for the use of the 
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no 
known virus in this email!
*******************************************************


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
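
The trustedAuthForwarders conditions described in the build 18094 announcement above, written out as one gate. This is an added example, not assp's code: is_valid stands in for a real DKIM verifier, the host pattern is assumed to be applied as an unanchored search (as a Perl match would be), and the function names and sample addresses are hypothetical.

```python
import re
from email import message_from_string

XOAR = "X-Original-Authentication-Results"


def tag_value(header, tag):
    """Value of one tag in a DKIM-style "name=value; ..." list, unfolded."""
    for part in header.split(";"):
        name, _, value = part.partition("=")
        if name.strip().lower() == tag:
            return "".join(value.split())
    return None


def trusted_original_results(raw, trusted_host_re, is_valid):
    """Return {'spf': ..., 'dkim': ...} when the forwarder's results may be
    trusted, else None. is_valid(sig) stands in for a real DKIM verifier."""
    msg = message_from_string(raw)
    reported = msg.get_all(XOAR, [])
    if len(reported) != 1:              # absent or ambiguous: do not trust
        return None
    covered = any(
        XOAR.lower() in (tag_value(sig, "h") or "").lower().split(":")
        and is_valid(sig)
        for sig in msg.get_all("DKIM-Signature", [])
    )
    if not covered:                     # no valid signature protects the header
        return None
    host, _, results = reported[0].partition(";")
    if not re.search(trusted_host_re, host.strip()):  # unanchored, like Perl m//
        return None
    found = dict(re.findall(r"(?:^|;)\s*(spf|dkim)=(\w+)", results))
    return {"spf": found.get("spf", "none"), "dkim": found.get("dkim", "none")}


def sample_forwarded_message(host, signed=True):
    """Constructed message; the signature data is placeholder text."""
    h = "from:subject" + (":x-original-authentication-results" if signed else "")
    return "\n".join([
        f"DKIM-Signature: v=1; a=rsa-sha256; d=domain.com; s=sel;\n h={h}; b=PLACEHOLDER",
        f"{XOAR}: {host};\n spf=pass smtp.mailfrom=sender.example;\n dkim=pass header.d=sender.example",
        "From: user@sender.example", "Subject: test", "", "body"])
```

Under the search assumption, the unanchored pattern mx\d*\.domain\.com also matches longer host names that merely contain it, so anchoring it as ^mx\d*\.domain\.com$ keeps the trust decision to the intended hosts.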

