On June 20, 2014 5:39:41 PM EDT, John Levine <[email protected]> wrote: >>> I don't know anyone who's checked whether DKIM validators verify the >>> version number, but if it's an issue, there aren't that many widely >>> used DKIM engines so it wouldn't be hard to check. >> >>Just FYI, libdkim which all our products use does check the v= and if >>it's not "v=1" verification "fails" with an "invalid v=" error which >we >>then document in the authentication-results header. > >I looked at the code in Mail::DKIM which is what spamassassin and >probably every other perl DKIM application uses. It checks the >version number, and for some reason accepts "0.5" as well as "1", but >nothing else. > >The most widely used python module is Scott's dkimpy, which checks >that the version is "1".
It currently raises an error if the version is not 1. That was probably a mistake. It'd have been better just to treat versions !1 as no signature present. I think I'll change that. Scott K _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
