All notable changes to this project will be documented in this file.
- Improved table views for sign rules and DKIM keys (#248, #305). E.g. it is now possible to delete multiple entries at once.
- Updated default rules and favicons (#440, #444, #447).
- Added support for using the Brand Indicators for Message Identification (BIMI) when showing favicons is enabled (#242).
- Added the possibility to show a favicon for a specific From address or AUID (#107).
- Don't save DKIM results that contain a temporary error.
- Show proper error message if parsing of a message failed.
- Show DKIM label if "Hide labels column" is enabled.
- Authentication-Results header: if reading of non RFC compliant ARHs is enabled,
a
:in a property value is now allowed without the value being in a quoted-string. - Authentication-Results header: don't restrict result keyword for unknown methods.
- Fixed signature verification if a signed header contains a non ASCII character.
- Fixed support for Thunderbird Conversations add-on in Thunderbird 115 and later (#395).
- Libunbound resolver: Fixed using a relative path to the profile directory in Thunderbird 115 and later (#385).
- Added Polish translation (by dMbski) (#392).
- Options navigation is now flat.
- Updated default rules and favicons (#387, #393, #399).
- Fixed incompatibility with Thunderbird 115 if no preferences exist, e.g. a new installation.
- Fixed incompatibility with Thunderbird 115 (#364).
- Support the offline mode of Thunderbird. No DNS queries are done if Thunderbird is in the offline mode (#129).
- JSDNS: Support IPv6 addresses (#363)
- JSDNS: Improved how the addon behaves if all DNS servers were not reachable. By default the addon will now try them again instead of getting in a state there all further DNS queries will fail (#269). If getting DNS servers from OS configuration is enabled, they will now also be read from the OS again (#90).
- Updated default rules and favicons (#365).
- Extract the received time from the last Received header and use it as the verification time (#336).
- Fixed incompatibility with Thunderbird 113 (#352).
- Fixed extension not working for attached or external messages (#216). Requires Thunderbird 106 or later.
- Fixed empty tags being treated as ill-formed. This e.g. fixes revoked DKIM keys.
- Fixed tooltip for From header in Thunderbird 102 or newer (#311).
- Fixed missing body resulting in internal error (#347).
- Added Traditional Chinese translation (by NightFeather) (#335).
- Updated default rules and favicons (#334, #337).
- Invalid Reply-To header is now ignored instead of resulting in internal error (#321).
- Updated default rules and favicons (#323, #326, #327).
- Added heuristic to detect maliciously added unsigned headers (#102).
- Configurable option to warn about unsigned headers that are recommended to be signed (#102, #277).
- Improved theming of header icon in Thunderbird 102.
- Authentication-Results header: Prefer to show failure results that include a reason and are related to the sending domain (#247).
- Fixed error when opening messages in a new window in Thunderbird 102.
- updated default rules and favicons
- now requires at least Thunderbird 91
- fixed incompatibility with Thunderbird 102 (#306, #312)
- Added support for signing algorithm Ed25519-SHA256 (RFC 8463) (#142)
- JSDNS: fixed incompatibility with Thunderbird 101 (#303)
- Authentication-Results header: check sign algorithm used for DKIM (RFC 8601) (#219)
- fixed multiple from addresses being treated as ill-formed (#304)
- updated default rules and favicons
- fixed blank line in header if email does not contain DKIM signature (Thunderbird 97) (#293)
- fixed some dialog windows being to small (#296)
- fixed header spanning multiple lines possibly being cropped at the bottom
- fixed wrapping of header in Thunderbird 99
- added Ukrainian translation (by lexxai) (#297)
- fixed incompatibility with Thunderbird 96 (#279)
- Re-added support for Thunderbird Conversations add-on (#203)
- show proper error message on ill-formed from (#238)
- ignore ill-formed List-Id (#262) and fix parsing of List-Id
- Authentication-Results header: fixed sorting of DKIM results in regards to list id
- fixed options styling for Thunderbird 91
- added Brazilian Portuguese translation (by David BrazSan) (#283)
- Add ability to export/import sign rules (#220)
- Fix layout issues in table views (Sign rules / stored keys) (#248)
- updated default rules and favicons (#263, #266, #274, #281, #284)
- now requires at least Thunderbird 78
- fixed incompatibility with Thunderbird 78 (#199)
- removed option to show DKIM result in the statusbarpanel
- Authentication-Results header: fixed parsing of version
- Authentication-Results header: fixed parsing of quoted SDID and AUID (#229, #234)
- Authentication-Results header: fixed missing reason on fail resulting in error (#232)
- libunbound resolver: Don't provide a default path (#199)
- libunbound resolver: Improve options description (#199)
- added about page in options
- added incomplete Swedish translation (by Phoenix)
- added Spanish translation (by Peter O Brien) (#239)
- updated default rules and favicons (#208, #209, #210)
- includes changes from 2.2.0
- fix default rules and favicons (#197)
- Authentication-Results header: fix relaxed parsing option and trailing ";"
- exposed option on how to treat weak keys. Default is now ignore (was warning since 2.1.0) (#174)
- fixed default text color for unsigned e-mail in dark theme if highlighting of From header is enabled (#181)
- libunbound resolver: add ability to explicitly load dependencies of libunbound (#170, #179)
- updated default rules and favicons (#165, #168, #169, #180)
- fixed incompatibility with Thunderbird 70 (#167)
- fixed DKIM status not visible when a message is opened in a new window (#172)
- fixed incompatibility with CompactHeader add-on (#177)
- JSDNS: fixed proxy support (#173)
- now requires at least Thunderbird 68
- fixed incompatibility with Thunderbird 68/69 (#115)
- libunbound resolver: remove old root trust anchor (key tag 19036)
- Cryptographic Algorithm and Key Usage Update (RFC 8301, #141)
- updated default rules and favicons (#140, #145, #152, #157, #159)
- added Hungarian translation (by Óvári) (#164)
- fixed signature verification in case the RSA key has an odd key length (#112)
- fixed DMARC heuristic (#125)
- fixed "*" not being recognized as valid Service Type in DKIM Keys (#134)
- changed update DKIM key button to now update the keys of all DKIM signatures in the e-mail
- Authentication-Results header: fixed mixed case results specified by older SPF specs resulting in a parsing error (#135)
- JSDNS: fixed a problem getting the default DNS servers on Windows (#116, #120)
- JSDNS: reduced default DNS server timeout from 10 to 5 seconds
- updated included third-party libraries
- updated default rules and favicons
- now requires at least Thunderbird 52
- added toolbar button and menuitem for sign rules
- added option to try to read non RFC compliant Authentication-Results header
- fixed incompatibility with Thunderbird 57/59/60
- fixed favicons not being shown if the CardBook add-on is installed
- fixed "Add must be signed exception" button being disabled if wrong signer is only a warning
- updated default rules and favicons
- libunbound resolver: added ability to specify multiple trust anchors
- libunbound resolver: added new root trust anchor (key tag 20326)
- updated default rules and favicons
- added Japanese translation (by SAKURAI Kenichi)
- updated default rules
- fixed saving of result with DNSSEC lock enabled
- fixed incompatibility with Thunderbird 52 and libunbound
- updated default rules and favicons
- fixed incompatibility with Thunderbird 52
- updated default rules and favicons
- fixed incompatibility with Silvermel/Charamel
- fixed Problem with copied header fields
- updated default rules and favicons
- fixed problem with old Thunderbird versions and sign rules
- added option to indicate successful DNSSEC validation with a lock (enabled by default)
- added option to show the favicon of some known signing domains (enabled by default)
- added option to show the ARH result alongside the add-ons, instead of replacing it
- JSDNS: differentiate between a server error and an non existing DKIM key
- sign rules: ignore must be signed for outgoing messages
- sign rules: updated default rules
- fixed updating a DKIM key or marking it as secure via the "Other Actions" button
- fixed verification for external messages
- sign rules: updated default rules
- added option to enable/disable DKIM verification for each account
- JavaScript DNS library: added support to use a proxy
- sign rules: updated default rules (added firefox.com)
- DKIM key: empty, but existing DNS record is now treated as a missing key instead as an ill-formed one
- fixed installing problem if extensions.getAddons.cache.enabled is set to false (https://bugzilla.mozilla.org/show_bug.cgi?id=1187725)
- fixed incompatibility with Thunderbird 46
- Authentication-Results header: fixed trusting all authentication servers
- simplified shown error reasons and added advanced option for detailed reasons
- Authentication-Results header: reading of the ARH can now be set for each account
- Authentication-Results header: added option to only trust specific authentication servers
- Authentication-Results header: continue verification if there is no DKIM result in the ARH header
- Authentication-Results header: allow also unknown property types to be compliant with RFC 7601
- Authentication-Results header: fixed bug if ARH header exists, but no message authentication was done
- JavaScript DNS library: no longer get the DNS servers from deactivated interfaces under windows
- libunbound resolver: no longer blocks the UI of Thunderbird
- libunbound resolver: changing preferences no longer needs a restart
- fixed error in parsing of Authentication-Results header
- added additional debugging calls
- fixed bug if a header field body started with a ":"
- added compatibility for Thunderbird 40
- fixed bug in the sorting of the results of multiple DKIM signatures
- updated default sign rules
- DNS errors in DMARC heuristic are now ignored (previously this resulted in an internal error)
- fixed error resulting in incompatibility with Thunderbird 36
-
added option to treat ill-formed selector tag as as error/warning/nothing (default warning; previous behavior was error)
-
added support for multiple signatures
-
added option to read Authentication-Results header
-
added French translation (by Christophe CHAUVET)
-
fixed problem with JavaScript DNS Resolver and long DKIM keys, resulting in error "Key couldn't be decoded"
-
fixed incompatibility with compact headers add-on
- added Chinese (Simplified) translation (by YFdyh000)
- fixed the showing of a wrong error reason in some cases of a bad RSA signature
- fixed an issue in formated strings ("%S" was not replaced)
- added option for sign rules to allow also subdomains of the SDIDs (enabled by default)
- fixed comparison of domains (was case sensitive)
- updated default sign rules
- fixed error if e-mail is from a domain on the public suffix list (like "googlecode.com")
- updated default sign rules
- fixed bug in use of libundboud (non existing domain was treated as server error; caused problems with DMARC)
- added options for automatically added sign rules
- added option to use DMARC to heuristically determinate if an e-mail should be signed
- fixed sign rules being automatically added even if signRules are disabled
- fixed bug in getting DNS name server from OS under Linux/Mac (last line was not read)
- added Italian translation (by Michele Locati)
- statusbarpanel and tooltip are now set to loading on reverify
- DKIM Keys and signers rules window can now be opened at the same time
- fixed bug in an error message of the JavaScript DNS library
- added advanced options for the JavaScript DNS library useful in case of bad network connection (not available through GUI)
- fixed bug in sign rules if from address contains capital letters
- fixed verification of unsigned e-mails which are marked as should be signed by sign rules
- fixed internal error if sign rules are disabled
- fixed DKIM_SIGWARNING_FROM_NOT_IN_SDID
-
added signers rules
-
added key storing
-
added libunbound as second DNS resolver (supports DNSSEC)
-
from tooltip now also works if Thunderbird's status bar is disabled
-
fixed some patterns (A-z to A-Za-z, dkim_safe_char, qp_hdr_value)
-
fixed pattern for note tag in DKIM key
-
fixed bug in DKIM_SIGWARNING_FROM_NOT_IN_AUID
-
validate tag list as specified in Section 3.2 of RFC 6376
-
now differentiation between missing and ill-formed tags
-
added check that hash declared in DKIM-Signature is included in the hashs declared in the key record
-
added check that the hash algorithm in the public key is the same as in the header
- fixed bug for detection of configured DNS Servers in Windows (if more then one DNS server was configured for an adapter)
- fixed bug if "other actions" button of CompactHeader add-on toolbar is not included
- better detection of configured DNS Servers in Windows
- added option for displaying of header, status bar and tooltip for From header
- fixed false detection of DKIM_SIGERROR_DOMAIN_I
- made options height smaller
- fixed error in "simple" body canonicalization algorithm resulting in "Wrong body hash"
- fixed bug for mixed CRLF and LF EOLs in body (resulting in "Wrong body hash")
- fixed error if external message was viewed (but there is still a problem with IMAP attachments)
- fixed bug ("DKIM-Signature" header name was case sensitive)
- added option to get DNS Servers from OS
- added support of multiple DNS servers
- added optional saving of the result
- DNS Server not reachable no longer treated as a PERMFAIL
- added TEMPFAIL
- changed how msgHdrViewOverlay.css is loaded
- header highlighting now works with collapsed header from CompactHeader addon
- works now also if e-mail has LF line ending
- fixed alignment of warning-icon in mac (by Nils Maier)
- DKIM-Signature header field name now in same style as the others (by Nils Maier)
- fixed bug if message needs to be downloaded from IMAP server
- added German translation (by ionum)
- fixed relaxed canonicalization of a body with only empty lines (by ionum)
- small displaying changes in options
- warnings are displayed
- added warning for
- Signature is expired
- Signature is in the future
- From is not in SDID
- From is not in AUID
- Signature key is small
- added option to treat testmode as warning, not as error
- added options for highlighting of From header
- added option to always show DKIM-Signature header field
- fixed relaxed body canonicalization for non trailing CRLF
- fixed parsing of Message canonicalization if only one algorithm is named
- added partial support of CNAME record type in DNS Library
- fix bug if nonexisting header field is signed
- fixed parsing of AUID
- fixed issue with RSS feeds
- added debug info to rsasign-1.2.js
- fixed regex pattern for SDID, Selector and local_part
- fixed problem with CompactHeader addon
- options dialog added
- body length tag was checked before canonicalization
- fixed simple body canonicalization for empty body or no trailing CRLF
- DNS, RSA, ... helper scripts now in DKIM_Verifier namespace
- fixed regex pattern for domain_name ("." was not escaped)
- query method was parsed wrong
- last header field was parsed wrong
- DNS exception now caught
- check that from header is signed now included
- key record flags are no longer ignored
- Multiple Instances of a header Field are now supported
- encoding issue for body hash fixed
- Initial release