I am having issues with email from GMail that is being caught as spam due to an invalid DKIM signature. This is email that is coming from a custom domain name, but being serviced by GMail.
This is on ASSP running on the current development version. The email arrives with two DKIM signatures in the header: DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gmail.com; s=dkim; h=Content-Type:Cc:To:Subject:Message-ID:Date:From:In-Reply-To: References:MIME-Version:Sender:Reply-To:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=++EW1uAkqHFqZqNJ5t5Gv9llZEB9cnlehpcZ3wCfVC8=; b=tpABI4iuHdvFng3G7LHL2Sjd14 I/rmPBBrXaFABHBnc8dUR2R6o4pyYjPQtb+YlhgizOsLb/qxaXTGGcIT5zK00h/GMJAQ4E3VuTTt9 E8rVXCEfTjV1qAYg6e8Z6JWg03VIE+TBLUiaWD3wfBx7G5k/UjFU5JBX//awbm7gXxoIkyDYyhZ9W 6uH1qM0GVdxNKgyeDuUoCgGPdA+adGS+C8FgqhcNur9FeJquEEfVMuim+ih+CsGEFkdijuxJ+5mI3 im+GFfaHAVEx8j6W1C27hqDHvOs7kTF8oRbHicQvQicroawj7uQk14LDk2kEcTrKr/fENTha+z0a3 /8eYbRyQ==; DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=++EW1uAkqHFqZqNJ5t5Gv9llZEB9cnlehpcZ3wCfVC8=; b=RZKtV5KUmfrEX1AJ5C6wkvusBvVS22+ffVEoG+ZCZDdJXx22O7Y0j7PaLfFmH7XWCa +GJiz9nNGrcbRKcp1qa/OJdT0uE1IkraTHCO7tKdyD7GA1gewVUOKkJQ8fdl1IoeODwn qYlpE0aqSbYo6h1c+ycFB4wtEPbGbux23IHhQtnYmpE8LRQzV5UUh2/M9xmOXMIi2KRD HzfxFTXsF95xB997OkhrBnz6PsYTdY4VLRs+Q8Yt7zARjS74ujtUmKN6IVOJ7buf8OLB Qoyvter31MbVMXmCG8PF+4ZnxooCNKOeGWXqNXRP1AeV/nZNvmJGKiNET45aYez38nGO Mrrw== When analyzing this email, ASSP reports that the DKIM signature fails: DKIM-check returned OK failed - invalid for identity '' If I remove the first DKIM signature from the header, leaving the second one, and run it through the analyzer, it passes: DKIM-check returned OK verified-OK for identity '@gmail.com' If I remove the second signature, leaving the first one, it fails as above. I've read in multiple places online that in cases of emails with multiple DKIM signatures, only one needs to be valid. From https://tools.ietf.org/html/rfc7489 "Note that a single email can contain multiple DKIM signatures, and it is considered to be a DMARC "pass" if any DKIM signature is aligned and verifies." So I'm wondering why this email is being failed by ASSP with a DKIM failure even though one of the signatures in the header passes correctly. _______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test
