Hi, On Thu, Mar 07, 2024 at 09:44:51AM +0100, Hans wrote: > --- sninp --- > > Authentication-Results: mail35c50.megamailservers.eu; spf=none > smtp.mailfrom=lists.debian.org > Authentication-Results: mail35c50.megamailservers.eu; > dkim=fail reason="signature verification failed" (2048-bit key) > header.d=debian.org header.i=@debian.org header.b="pDp/TPD5" > Return-Path: <bounce-debian-devel=hans.ullrich=loop...@lists.debian.org> > Received: from bendel.debian.org (bendel.debian.org [82.195.75.100]) > by mail35c50.megamailservers.eu (8.14.9/8.13.1) with ESMTP id > 425I9ZEK112497 > for <hans.ullr...@loop.de>; Tue, 5 Mar 2024 18:09:37 +0000 > > --- snap --- > > White mails get the dkim=pass and spam mails got dkim=fail (as you see above).
A great many legitimate emails will fail DKIM so it is not a great idea to reject every email that does so. I don't think that you are going to have a good time using Internet mailing lists while your mail provider rejects mails with invalid DKIM, so if I were you I'd work on fixing that rather than trying to get everyone involved to correctly use DKIM. In this specific example your problem is that a mail came through the Debian bug tracking system (which pretends to be the original sender) and on the way out was DKIm signed by debian.org and then went through Debian's list servers. Somewhere in there the DKIM signature was broken. I don't rate your chances of getting the operators of bugs.debian.org and lists.debian.org to agree to preserve DKIM since I know at least some of them are severely opposed to DKIM. Your mailbox provider really should not be rejecting everything that has a broken DKIm signature. This email from me will probably have a broken DKIM signature. Thanks, Andy -- https://bitfolk.com/ -- No-nonsense VPS hosting