>"Note that a single email can contain multiple DKIM signatures, and it is considered to be a DMARC "pass" if any DKIM signature is aligned and verifies."
>So I'm wondering why this email is being failed by ASSP with a DKIM failure even though one of the signatures in the header passes correctly. Don't confound DKIM and DMARC! RFC rules: To pass the DKIM check, every DKIM signature has to be valid. To pass the DMARC check, at least one DKIM signature has to align and has to be valid and ..... The first signature is invalid in every case, because it is a fake. There is no DKIM-selector 's=dkim' available for gmail.com (TXT dkim_domainkey.gmail.com) . gmail.com currently uses only the selector 's= 20161025' (TXT 20161025._domainkey.gmail.com) So, the assp DKIM check fails for this mail. It is a 'hard' fail, because DNS fails - a soft fail would be 'the header was altered' or 'the body was altered'. How ever, the assp DMARC check will also fail, because assp assumes that every DKIM signature has to be valid. There is not a single good reason, because a DKIM-signature should become invalid for DNS or policy reasons. Thomas DISCLAIMER: ******************************************************* This email and any files transmitted with it may be confidential, legally privileged and protected in law and are intended solely for the use of the individual to whom it is addressed. This email was multiple times scanned for viruses. There should be no known virus in this email! *******************************************************
_______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test
