[opendmarc-users] Opendmarc command line test
Murray S. Kucherawy
msk at blackops.org
Fri Aug 3 07:19:40 PDT 2012
On Fri, 3 Aug 2012, Benny Pedersen wrote:
> is this forged headers safe ?
The process I described is what happens when you run milters in a chain.
In this case, opendkim adds an Authentication-Results field when it
verifies the message. This is passed to opendmarc, which uses that as the
input about whether or not the message was signed and by whom.
opendkim includes the hostname that added that field, and opendmarc uses
that to decide which ones to trust. opendkim will also delete any bearing
that name that it saw on arrival, so that any that were faked by outsiders
don't make it past that point. Therefore, opendmarc will only see
"true" DKIM results.
See RFC5451 for details of this mechanism.
-MSK
More information about the opendmarc-users
mailing list