Scanning and Reading DMARC reports, I see there are many reports from
an "OpenDMARC Filter" which includes testing for "dkim-adsp" and
"dkim-atps" protocols. An example Auth-Res:
    Authentication-Results: ****************.net;
        dkim=pass (1024-bit key; unprotected) header.d=ietf.org
        [email protected] header.b=ftopcwZG;
        dkim=fail reason="signature verification failed" (1024-bit key;
        unprotected) header.d=isdg.net
        [email protected] header.b=hi8lLzuw;
        dkim=fail reason="signature verification failed" (1024-bit key;
        unprotected)
        header.d=beta.winserver.com [email protected]
        header.b=mQTSS3bH;
        dkim-adsp=fail (unprotected policy); dkim-atps=neutral

The dkim-atps result is neutral because RFC6541 requires two tags to
be added to the DKIM-Signature in order to trigger the atps call:

    adps=author-domain; atpsh=sha1;

Anticipating some future need to add "user tags" to the DKIM signing
engine:

    # USER DEFINED TAGS:
    #
    # The UserTags are experimental. They are additional signed "tag=value;"
    # information added to the signed signature. The tag MUST NOT conflict
    # with a DKIM standard tag.

I was able to add the above user tags for outbound mail. In theory,
those OpenDMARC Filter engines with DKIM-atps SHOULD find an atps
record for the ietf.org 3rd party list resigner, which we have for our
isdg.net zone file:
pq6xadozsi47rluiq5yohg2hy3mvjyoo._atps TXT ( "v=atps01; d=ietf.org;" )
This is a test message to feed the OpenDmarc Filter Engines.
--
HLS
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
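
Added example, not part of the original message and not OpenDMARC code: a sketch of the RFC 6541 lookup decision discussed above, showing when a verifier has enough to issue an ATPS query and how the hashed `_atps` label is formed. The sample signatures, the function names and the stripping of base32 padding are assumptions made for illustration.

```python
import base64
import hashlib

# Constructed DKIM-Signature values (not taken from real mail).
SIGNED = ("v=1; a=rsa-sha256; d=ietf.org; s=sel; atps=isdg.net; atpsh=sha1;"
          " h=from:to:subject; bh=AAAA; b=BBBB")
PLAIN = "v=1; a=rsa-sha256; d=ietf.org; s=sel; h=from:to:subject; bh=AAAA; b=BBBB"


def parse_tags(value):
    """Parse a DKIM 'tag=value; tag=value' list into a dict."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            tags[name.strip()] = "".join(val.split())  # drop folding whitespace
    return tags


def atps_query_name(dkim_signature, author_domain):
    """Return the ATPS TXT name to query, or None when no lookup is triggered."""
    tags = parse_tags(dkim_signature)
    signer = tags.get("d", "").lower()
    author = author_domain.lower()
    # Lookup only when atps= names the author (From:) domain and the
    # signature comes from a different, third-party domain.
    if tags.get("atps", "").lower() != author or signer in ("", author):
        return None
    algo = tags.get("atpsh", "").lower()
    if algo == "none":
        label = signer                      # signer domain used unhashed
    elif algo in ("sha1", "sha256"):
        digest = hashlib.new(algo, signer.encode("ascii")).digest()
        # Assumption: lowercase base32 with '=' padding stripped.
        label = base64.b32encode(digest).decode("ascii").rstrip("=").lower()
    else:
        return None                         # missing or unknown atpsh
    return f"{label}._atps.{author}"


if __name__ == "__main__":
    print(atps_query_name(SIGNED, "isdg.net"))
    print(atps_query_name(PLAIN, "isdg.net"))
```

The printed name for the first signature can be compared with the label published in the author domain's zone; the second signature carries neither tag, so no query is made.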