Skip to content

add optional DKIM and DMARC checks

Albrecht Dreß requested to merge dkim-dmarc-checks into master

This changeset adds optional DKIM [1, 3] and DMARC [2] checks to Balsa. As the check requires at least two DNS queries per message which may be time-consuming, it must be enabled explicitly (Preferences -> Settings -> Miscellaneous). The implementation caches successful DNS lookups which reduces the bandwidth requirements. As no additional library dependencies are introduced and the extra code size is limited, it is not possible to disable DKIM/DMARC support entirely.

For each message containing one or more DKIM-Signature headers, or for which DMARC requires the presence of this signature, an additional entry is added to the headers, giving only a basic status (valid, warning or invalid). Clicking on the line shows a GtkPopover with more details.

In many cases, the presence of a valid DKIM/DMARC signature is a good indicator for a benign message. However, note that

  • DKIM/DMARC is no replacement for cryptographic message signatures (GPG or S/MIME), as it is possible to break the signatures [4],
  • in many cases, spammers use freemail accounts (e.g. GMail) which have a valid signature,
  • mailing list processors may add content and/or modify the From address, breaking valid DKIM signatures.

[1] RFC 6376: DomainKeys Identified Mail (DKIM) Signatures
[2] RFC 7489: Domain-based Message Authentication, Reporting, and Conformance (DMARC)
[3] RFC 8463: A New Cryptographic Signature Method for DomainKeys Identified Mail (DKIM)
[4] S. Ullrich: Breaking DKIM - on Purpose and by Chance

-- Details:

  • libbalsa/dkim.[ch], libbalsa/Makefile.am, libbalsa/meson.build: add implementation of the LibBalsaDkim object
  • libbalsa/body.[ch]: remember the DKIM LibBalsaDkim object with the relevant body parts
  • po/POTFILES.in: add libbalsa/dkim.c
  • src/balsa-app.[ch]: add config item to enable DKIM/DMARC checks
  • src/balsa-message.c: check DKIM/DMARC status iff enabled
  • src/balsa-mime-widget-message.c: display DKIM/DMARC status in the headers if present
  • src/balsa-print-object-header.c: print DKIM/DMARC status summary if present
  • src/pref-manager.c: add config item to enable DKIM/DMARC checks to Preferences -> Settings -> Miscellaneous
  • src/save-restore.c: save/restore the config item to enable DKIM/DMARC checks
  • README.md: add note about the "dkim" debug domain, fix broken markdown

Signed-off-by: Albrecht Dreß albrecht.dress@posteo.de

Merge request reports