[opendmarc-dev] draft: patch to implement an override mechanism for MLMs
Juri Haberland
juri at sapienti-sat.org
Thu May 26 23:19:35 PDT 2016
Scott Kitterman wrote:
> On Thursday, May 26, 2016 09:24:38 PM Juri Haberland wrote:
>> What we currently really cannot do is follow the RFC regarding the required
>> DKIM-Domain, DKIM-Identity, DKIM-Selector and SPF-DNS header fields:
>> DKIM-Domain and DKIM-Identity are doable and would require only moderate
>> changes, but DKIM-Selector and SPF-DNS (especially the TXT or SPF RR) are
>> completely unknown to OpenDMARC unless we use the internal SPF code and
>> additionally implement an internal DKIM code for the DKIM-Selector header
>> field ...
>
> The DNS Type SPF is removed in RFC 7208, so you can skip worrying about that.
> Since SPF is only a TXT query, we know the domain, and opendmarc can already
> retrieve TXT records, it probably wouldn't be a lot of effort to do a TXT
> query for the SPF-domain and use the result as SPF-DNS (you'll have to handle
> the case of multiple records being returned and use all that start with
> "v=spf1 " - I say all as I imagine that to capture information about the error
> case of two or more SPF records if there are any, you'd want to stuff them all
> in SPF-DNS).
I would like to avoid duplicating stuff others already did. Actually I don't
understand why there is internal SPF code *and* code to use libspf2, but
that's another story. I think about going the libspf2 route...
> For DKIM-Selector, you might look at modifying opendkim to include the
> selector somewhere in the AR header field it adds and you could extract it.
Yes, that's a solution that I also thought of.
Scott, thank you very much for your valuable input. It's much appreciated!
Juri
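
The TXT-based approach Scott describes above, sketched as an added example (not part of the original thread and not OpenDMARC code): given the TXT strings already retrieved for the SPF domain, emit one SPF-DNS field per SPF record, including the multiple-record error case. The function names are hypothetical, and the field layout assumes the `SPF-DNS: txt : domain : "record"` syntax of RFC 6591.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* RFC 7208 section 4.5: an SPF record's version section is exactly "v=spf1",
 * ended by a space or the end of the record ("v=spf10 ..." is not SPF). */
static int is_spf_record(const char *txt)
{
    return strncasecmp(txt, "v=spf1", 6) == 0 && (txt[6] == ' ' || txt[6] == '\0');
}

/* Append src as quoted-string content, escaping '"' and '\'; -1 on overflow. */
static int append_quoted(char *out, size_t outlen, size_t *pos, const char *src)
{
    for (; *src != '\0'; src++) {
        int esc = (*src == '"' || *src == '\\');
        if (*pos + esc + 1 >= outlen) return -1;
        if (esc) out[(*pos)++] = '\\';
        out[(*pos)++] = *src;
    }
    out[*pos] = '\0';
    return 0;
}

/* Hypothetical helper: write one SPF-DNS line per SPF record among txts.
 * Returns the number of SPF records found (more than one is the RFC 7208
 * permerror case; all of them are reported), or -1 if out is too small. */
int build_spf_dns(const char *domain, const char *const *txts, size_t ntxt,
                  char *out, size_t outlen)
{
    size_t pos = 0;
    int found = 0;
    if (outlen == 0) return -1;
    out[0] = '\0';
    for (size_t i = 0; i < ntxt; i++) {
        if (!is_spf_record(txts[i])) continue;
        int n = snprintf(out + pos, outlen - pos, "SPF-DNS: txt : %s : \"", domain);
        if (n < 0 || (size_t)n >= outlen - pos) return -1;
        pos += (size_t)n;
        if (append_quoted(out, outlen, &pos, txts[i]) != 0) return -1;
        if (pos + 3 >= outlen) return -1;
        memcpy(out + pos, "\"\r\n", 4);   /* closing quote, CRLF, NUL */
        pos += 3;
        found++;
    }
    return found;
}
```

A return value above 1 tells the caller that the domain publishes more than one SPF record, so the report carries every record that contributed to the error.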