Paul, I had a look at your emails and this is my educated guess… I see you are using a postfix server for your domain: 220 secure.paul-scott.us ESMTP Postfix
I would suspect this is the same server you use for your customers. This server seems to be hosted by digital ocean I would contact digital ocean to ask them to help you configure postfix so it does not break DKIM signature when forwarding. For instance it could be an issue with disable_mime_output_conversion which needs to be disabled (=yes), see http://mipassoc.org/pipermail/ietf-dkim/2009q1/011585.html but it could be something else too… Postfix does not break DKIM when forwarding if configured as such. On Apr 26, 2014, at 9:58 PM, Franck Martin <[email protected]> wrote: > Paul, > > To me it seems because your mail server breaks DKIM when forwarding. DMARC > relies on DKIM not getting broken in your scenario. > > Here what I propose you. > 1) open an email account at gmail > 2) open an email account at yahoo > 3) acquire a private domain and get it to relay all mails to the yahoo account > 4) send an email from the gmail account to the private domain > 5) check the authentication results on the email you received at gmail > 6) see that DKIM was broken > 7) fix your mail server until DKIM does not break > > If you tell us what mail server you use to forward, may be we can point you > to some information on how to preserve DKIM. > > How that sounds? >
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
