Page MenuHomePhabricator
Create Task
Maniphest T355802

Adhere to RFC8048 (one-click unsubscribe) dkim guidelines
Open, HighPublic
Actions

Description

The message needs at least one valid authentication identifier.  In
this version of the specification, the only supported identifier type
is DKIM [RFC6376].  Hence, senders MUST apply at least one valid DKIM
signature to the message.

The List-Unsubscribe and List-Unsubscribe-Post headers MUST be
covered by the signature and included in the "h=" tag of a valid
DKIM-Signature header field.

If the message does not have the required DKIM signature, the mail
receiver SHOULD NOT offer a one-click unsubscribe for that message.

https://datatracker.ietf.org/doc/html/rfc8058#section-4

This will require updating our exim config to sign additional headers as List-Unsubscribe-Post is not included in the default set.

Related Objects
Search...

Event Timeline

jhathaway claimed this task.Jan 24 2024, 4:02 PM
jhathaway triaged this task as High priority.
jhathaway created this task.
lmata subscribed.Jan 24 2024, 4:35 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL