Authentication-Results should also contain DMARC and DKIM result

New subscriber here.

I wanted to request an email header enhancement. For incoming email, currently the "Authentication-Results" header only displays if SPF passed or failed. Other email implementations also place the DKIM and DMARC results there. I'm requesting the Cloudron email also place the DKIM and DMARC results in the Authentication-Results header.

Authentication-Results: mail2.outsi.de (dis=neutral; info=dmarc domain policy);
    dmarc=pass (dis=neutral p=reject; aspf=r; adkim=r; pSrc=dns) header.from=example.org;
    dkim=pass header.d=example.org header.s=r header.b=O/8zOi6w

I believe this available by adding OpenDMARC to Postfix.

When fully functional this header is a useful troubleshooting tool for incoming emails.

@girish Hi there. Thanks for checking into this for me.

I had a suspicion that the spam engine was verifying, since I did see those fields in the Spam results headers. However I think it's also useful to have Haraka add the headers as well. It would add very little overhead and will add additional detail that the spam header doesn't contain about the DKIM verification (such as which signature failed or passed, since an email can contain multiple).

In regards to DMARC. I don't believe this would be risky at all if implemented in the following manner:

• No DMARC record found, take no action.
• DMARC found, DKIM/SPF aligned, take no action
• DMARC found, DKIM/SPF alignment fails, but p=none, take no action.
• DMARC found, DKIM/SPF alignment fails, but p=quarantine, move to spam folder
• DMARC found, DKIM/SPF alignment fails, p=reject, dev/null the mail. If you don't like the risk of this, push it to spam instead... or make it a cloudron option under Settings.

Thanks for listening.