Hello, Many people, including myself, have been receiving the following reject message from Google when a message from @facebookmail.com is sent to a user here at @uwo.ca who is forwarding their mail to @alumni.uwo.ca, which is a Google-hosted domain:
550 5.7.1 Unauthenticated email is not accepted from this domain. u45si20503609yhu.120 We have opened a corporate support ticket with Google and got the following answer: > Thank you for your message. I understand that some emails forwarded > from facebook are being rejected. You might want to set up DKIM > authentication for your domain to resolve this issue. More details > about this are available at the link below: > > http://www.google.com/support/a/bin/answer.py?answer=174124 Please > let me know if you have any additional questions about this case. Since the message that is being forwarded is already DKIM signed by facebookmail.com, and we are simply forwarding it without applying our own DKIM signature, nor modifying the body or any of the signed headers, I asked for clarification as to why we would need to enable DKIM signing in order to forward mail that is already signed. Their reply was: > Thanks for providing additional details. We accept only DKIM > authenticated emails from facebook. Somehow it looks like when your > mail server forwards the message to us some portion of the header is > getting modified. The recipient address changes and there might be > few other sections of the original header that get modified. I did > little more investigation and noticed that we are able to receive > emails from facebook as long as it is properly authenticated. > > You might want to enable DKIM for your domain in CPanel and see if > that helps in resolving the issue. Otherwise the other option might > be to directly send the emails to Google rather than forwarding. > > Please let me know if you have any additional questions about this > case. Again, I'm confused, but I'm not too familiar with DKIM. Of course we're modifying the recipient address since we're forwarding the message. But we only modify the envelope mail from and rcpt to addresses, not the From or To headers. Since we're not modifying any of the signed headers, nor the body of the message, why would Google be rejecting the message for not being authenticated? Before I replied to Google again, I wanted to get a better understanding of what's going on. Am I correct in my understanding of how this should be working? Please let me know if you need more details. Thanks, Andrew _______________________________________________ dkim-ops mailing list [email protected] http://mipassoc.org/mailman/listinfo/dkim-ops
