Add support for "ARC Specification for email"

[ghost]

I know this is DKIM verifier (that also verifies SPF and DMARC), but there is a new specification to try to solve some of the problems of DKIM called: ARC ( http://arc-spec.org ).
At least AOL and GMail already validate ARC headers.

I hope in the future dkim_verifier also verifies the ARC header, that at least gmail that I use is using... if it isn't already.

[lieser]

Yes, this would definitely be a nice addition for the add-on. Unfortunately my time is rather limited at the moment, so don't expect it any time soon.

[ghost]

Thanks!
I understand. At least I have made this feature came into your "radar" in the sense that at least I think it would be useful :)
Great work anyways!

[wioxjk]

As @pimlie wrote, it checking for " arc=fail (signature failed);" is enough
pimlie/authres_status#27

[lieser]

This issue was more about verifying ARC locally (ARC-Message-Signature, ARC-Seal), not about getting the ARC status from the Authentication-Results.

As I didn't yet know about the possibly added arc=[pass|fail|policy] to Authentication-Results, I had a quick look at the draft today. My conclusion so far is that adding a check for it would not bring much useful information to a user.

That I did see in the draft is, that if ARC passes, the verifier seems to add a dkim=pass with header.i=@<domain of last arc signer> to the Authentication-Results. As reading of the Authentication-Results is optionally supported by the add-on, it can already show this information.
See the example B.2.3. Example 2: Message received by Recipient from the RFC (download ARC - B.2.3. Example 2 - Message received by Recipient.txt, rename it to .eml, enable ARH reading in the add-on and open the .eml file with Thunderbird)

[cedricgannet]

Just added DKIM Verifier V3.0.1 to Thunderbird V68.2.2 (64-bit) on latest Linux Mint. I received a message without DKIM but the add-on showed the following:

The email was:

Your RS order confirmation - No20-Stock.txt

It looks like the add-on is identifying different types of key and treating them as DKIM keys. I had a similar problem with one using ARC. It would be good to have ARC and similar systems implemented, but until you have, ignore anything that's not specifically identified as DKIM.

Am I missing something?

[lieser]

@cedricgannet
As far as I can tell the error you see has nothing to do with ARC. You have either the DMARC heuristic enabled, or a custom sign rule saying saying that RS-Components.com should be signed (e.g. by the option to automatically add them).

See the following for more info:

• https://github.com/lieser/dkim_verifier/wiki/FAQ#the-add-on-incorrectly-says-that-en-e-mail-should-be-signed
• https://github.com/lieser/dkim_verifier/wiki/Options#use-dmarc-to-heuristically-determine-if-an-e-mail-should-be-signed
• https://github.com/lieser/dkim_verifier/wiki/Options#automatically-add-rules-based-on-viewed-dkim-signed-e-mails

If you still have problems, please create a separate issue for it.