Authentication-Results values not shown #466
Description
I have set both Verify DKIM signatures and Read Authentication-Results header. However, a message having:
Authentication-Results: wmail.tana.it;
spf=pass smtp.mailfrom=mailop.org;
dkim=pass reason="Original-From: transformed" header.d=dcrocker.net;
dmarc=pass header.from=mailop.org;
arc=fail (1 set(s)) smtp.remote-ip=91.132.147.157displays DKIM Invalid (E-Mail was modified) despite the signature was previously authenticated. My understanding was that Read Authentication-Results header meant to skip performing a verification when a trusted A-R already has a result. Or is that A-R invalid for some reason? I don't see references to that in the error console, which starts like so:
DKIM_Verifier.AuthVerifier ERROR Ignoring error in parsing of ARH DKIM_Error: Parsing error
match moz-extension://694bf5d4-0ccd-4013-88d6-a4fdb3a218aa/modules/arhParser.mjs.js:354
parseResInfo moz-extension://694bf5d4-0ccd-4013-88d6-a4fdb3a218aa/modules/arhParser.mjs.js:188
parse moz-extension://694bf5d4-0ccd-4013-88d6-a4fdb3a218aa/modules/arhParser.mjs.js:158
getARHResult moz-extension://694bf5d4-0ccd-4013-88d6-a4fdb3a218aa/modules/authVerifier.mjs.js:265
verify moz-extension://694bf5d4-0ccd-4013-88d6-a4fdb3a218aa/modules/authVerifier.mjs.js:177
[authVerifier.mjs.js:267:8](moz-extension://694bf5d4-0ccd-4013-88d6-a4fdb3a218aa/modules/authVerifier.mjs.js)
DKIM_Verifier.AuthVerifier DEBUG ARH result:
Object { version: "3.1", dkim: [], spf: [], dmarc: [], bimiIndicator: undefined }
[authVerifier.mjs.js:348:6](moz-extension://694bf5d4-0ccd-4013-88d6-a4fdb3a218aa/modules/authVerifier.mjs.js)
DKIM_Verifier.Verifier DEBUG 1 DKIM-Signatures found. [verifier.mjs.js:1491:8](moz-extension://694bf5d4-0ccd-4013-88d6-a4fdb3a218aa/modules/dkim/verifier.mjs.js)
DKIM_Verifier.Verifier DEBUG Verifying DKIM-Signature 1 ... [verifier.mjs.js:1506:9](moz-extension://694bf5d4-0ccd-4013-88d6-a4fdb3a218aa/modules/dkim/verifier.mjs.js)The signature is indeed invalid, according to the spec. The A-R value is based on a method to undo the transformation done by a mailing list which could verify the author's signature.
Why isn't the A-R value accepted by DKIM Verifier?