-
Notifications
You must be signed in to change notification settings - Fork 37
Account Options
A description of the available account specific DKIM Verifier options. For the other Options see here.
Can be used to overwrite the default value of the Verify DKIM signatures option for this account.
Option available since version 1.5.0.
Can be used to overwrite the default value of the Read Authentication-Results header option for this account.
Important
Anyone can send e-mails which already include an Authentication-Results header! Only enable the reading for accounts there the server supports the Authentication-Results header, i.e adds its own Authentication-Results header.
Otherwise attackers could inject malicious results via this header that the add-on will show.
Tip
If you know one of your configured accounts does not support the Authentication-Results header best explicitly disable the reading for it. This prevents maliciously injected headers to be read by accident, e.g. if you enabled the reading globally.
Option available since version 1.4.0.
A space separated list of server-ids whose Authentication-Results headers are trusted. The Authentication-Results of non trusted servers are not used.
If left empty the trusted server-id is extracted from the newest added Authentication-Results header.
Note
The default behavior (i.e. if the list is empty) should be secure for most servers that support the Authentication-Results header. It relies on the server to add an Authentication-Results header for all incoming e-mail, regardless of if a DKIM signature is included or not.
Warning
Prior to version 6.0.0 an empty list resulted in trusting all Authentication-Results!
By default the server-ids have to match exactly.
This behavior can be changed by prepending an @ to a server-id.
In this case the server-id is treated as a domain name, and also sub-domains of the specified server-id are allowed.
E.g. with @example.com, the add-on is also trusting an Authentication-Results with a server-id of foo.example.com.
Option available since version 1.4.0.