1package dkim
2
3import (
4 "fmt"
5 "strings"
6)
7
// DefaultPolicy is the default DKIM policy: it decides whether an otherwise
// valid DKIM-Signature is acceptable for use, returning nil when it is and a
// descriptive error when it is not.
//
// Two rules are applied:
//
//   - A signature carrying a body length restriction (the l= tag) is rejected.
//     There is no good answer to how many signed bytes should be demanded
//     (none? at least half? all but N bytes?), and mail clients (MUAs) are
//     unlikely to render the signed and unsigned parts of a body differently,
//     mostly because what gets signed is the encoded form: half of a base64
//     image could be covered by the signature and the other half not.
//     NOTE(review): this relies on sig.Length being negative when no l= tag
//     was present — confirm against the signature parser.
//
//   - A signature whose h= list does not cover the Subject header field is
//     rejected. From is not checked here; it is always required by the
//     signature syntax and is assumed to be enforced before the policy runs.
//
// Everything else is accepted.
//
// NOTE(review): the policy only sees the parsed signature, not the message.
// It therefore cannot tell whether Subject occurs more often in the message
// than "subject" appears in h= (the header-field injection / oversigning
// concern); if that check is wanted it has to live where the message headers
// are available.
func DefaultPolicy(sig *Sig) error {
	// ../rfc/6376:2088
	// ../rfc/6376:2307
	// ../rfc/6376:2706
	// ../rfc/6376:1558
	if sig.Length >= 0 {
		return fmt.Errorf("l= for length not acceptable")
	}

	// ../rfc/6376:2139
	// Only From and Subject are demanded, and From is not the policy's job.
	// One would expect To, Cc and Message-ID to always be signed as well, but
	// real-world senders disagree:
	//   - Microsoft appears to leave out To.
	//   - Yahoo appears to leave out Message-ID.
	//   - Several senders leave out Cc and other address header fields.
	//   - At least one newsletter did not sign Date.
	// Header field names in h= are case-insensitive, hence EqualFold.
	signed := func(name string) bool {
		for _, h := range sig.SignedHeaders {
			if strings.EqualFold(h, name) {
				return true
			}
		}
		return false
	}

	var missing []string
	for _, name := range []string{"subject"} {
		if !signed(name) {
			missing = append(missing, name)
		}
	}
	if len(missing) > 0 {
		return fmt.Errorf("required header fields missing from signature: %s", strings.Join(missing, ", "))
	}

	return nil
}
50