[opendmarc-users] Opendmarc command line test

Murray S. Kucherawy msk at blackops.org
Fri Aug 3 07:19:40 PDT 2012


On Fri, 3 Aug 2012, Benny Pedersen wrote:
> is this forged headers safe ?

The process I described is what happens when you run milters in a chain. 
In this case, opendkim adds an Authentication-Results field when it 
verifies the message.  This is passed to opendmarc, which uses that as the 
input about whether or not the message was signed and by whom.

opendkim includes the hostname that added that field, and opendmarc uses 
that to decide which ones to trust.  opendkim will also delete any bearing 
that name that it saw on arrival, so that any that were faked by outsiders 
don't make it past that point.  Therefore, opendmarc will only see 
"true" DKIM results.

See RFC5451 for details of this mechanism.

-MSK


More information about the opendmarc-users mailing list