Hi all,

Thank you for your suggestions with this issue. I managed to find the culprit. We have a mailing software (Acymailing) which has an option to insert DKIM. Unbeknownst to me, that option was turned on. So both the server and the mailing software were inserting DKIM. The only thing I wonder about is why only Google reported the two DKIMs.

Anyways, problem solved.

Thanks again,
Borislav


On 9/8/2015 10:00 PM, [email protected] wrote:

Today's Topics:

    1. Re: Two DKIM sections in the DMARC report from Google
       (The Venus Project)
    2. Re: Two DKIM sections in the DMARC report from Google
       (Roland Turner)
    3. Re: Two DKIM sections in the DMARC report from Google
       (Vladimir Dubrovin)


----------------------------------------------------------------------

Message: 1
Date: Mon, 7 Sep 2015 23:47:21 +0300
From: The Venus Project <[email protected]>
To: Vladimir Dubrovin <[email protected]>, [email protected]
Subject: Re: [dmarc-discuss] Two DKIM sections in the DMARC report from Google
Message-ID: <[email protected]>
Content-Type: text/plain; charset=utf-8; format=flowed

Good idea, Vladimir.

I just set up a forward to my gmail address and sent a message to it.
Here are the headers from that: http://pastebin.com/qRMPAbjX

As I can see, there is only one DKIM signature.

I'm still trying to see whether in some situations our emails get DKIM
signed twice. It seems like the forwarding is not such a case, at least
from this test that I did.

Regards,
Borislav


On 9/6/2015 1:01 AM, Vladimir Dubrovin wrote:
Maybe you have two DKIM-Signature fields in the message in some
cases, e.g. redirected/auto-forwarded messages?

The Venus Project via dmarc-discuss wrote:
Hi,

I see something strange in the DMARC reports that we're getting from
Google. Here is the relevant section from the XML file:

    <record>
      <row>
        <source_ip>109.73.224.155</source_ip>
        <count>10</count>
        <policy_evaluated>
          <disposition>none</disposition>
          <dkim>pass</dkim>
          <spf>pass</spf>
        </policy_evaluated>
      </row>
      <identifiers>
        <header_from>thevenusproject.com</header_from>
      </identifiers>
      <auth_results>
        <dkim>
          <domain>thevenusproject.com</domain>
          <result>pass</result>
        </dkim>
        <dkim>
          <domain>thevenusproject.com</domain>
          <result>fail</result>
        </dkim>
        <spf>
          <domain>thevenusproject.com</domain>
          <result>pass</result>
        </spf>
      </auth_results>
    </record>



As you can see, it seems to check DKIM two times - one time it passes
and one time it fails. I am kinda baffled by this. There is only one
DKIM section in the reports that we're getting from Microsoft and Yahoo.
Also, we have only one DKIM DNS record set up for thevenusproject.com.

Does anyone have any idea why this double checking of DKIM (with
different results) is happening with Google?

Thanks in advance,
Borislav

_______________________________________________
dmarc-discuss mailing list
[email protected]
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well
terms (http://www.dmarc.org/note_well.html)


------------------------------

Message: 2
Date: Tue, 8 Sep 2015 03:15:15 +0000
From: Roland Turner <[email protected]>
To: "[email protected]" <[email protected]>
Subject: Re: [dmarc-discuss] Two DKIM sections in the DMARC report from Google
Message-ID: <db5pr02mb1030861dda6c19dbb0b0a829e6...@db5pr02mb1030.eurprd02.prod.outlook.com>
Content-Type: text/plain; charset="koi8-r"

Here's a scenario, although it's a little contrived:

- two people in your organisation are subscribed to an external mailing list
- one posts to the list, the post is DKIM signed but the list's addition of a 
footer breaks the signature
- that message goes to the second subscriber within your organisation
- that second person is [MTA-]forwarding messages to Gmail
- the forwarded copy gets another DKIM signature on it
- the message reaching Gmail has both the original signature, broken by the 
list's changes, and the second signature, still valid

I'm not saying that this is what's going on (one or several of the above might 
be invalid in your situation, or even generally), but wish merely to 
demonstrate that forwarding and forwarding-like actions can create rather 
complicated situations that are difficult to diagnose. The question is not 
whether the above scenario is what's happening, but whether any combination of 
forwarding, list expansion, legitimate independent sending, ... is causing what 
you're seeing.

- Roland


         Roland Turner | Labs Director
Singapore | M: +65 96700022
[email protected]






------------------------------

Message: 3
Date: Tue, 8 Sep 2015 12:37:35 +0300
From: Vladimir Dubrovin <[email protected]>
To: Roland Turner <[email protected]>,
        "[email protected]" <[email protected]>
Subject: Re: [dmarc-discuss] Two DKIM sections in the DMARC report from Google
Message-ID: <[email protected]>
Content-Type: text/plain; charset=KOI8-R


There is also a simpler scenario if there is an internal mailing list
within the same domain. The message is signed by the sender and by the
mailing list software. The first signature is broken because the message
is modified. It's exactly what happens on this mailing list. If somebody
writes to [email protected], the message has two signatures: a broken one
added by the sender and a valid one added by the mailing list.

More possible scenarios are antiviral software and/or content filters,
which modify the message subject/body and re-apply DKIM.


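An added example, not part of any post in this thread: a Python check that scans a DMARC aggregate report for records where one d= domain carries several DKIM results that disagree, which is how a double-signed message (here, the server plus Acymailing) shows up in Google's report. It assumes an un-namespaced report; `find_mixed_dkim` and `SAMPLE_REPORT` are names made up for this example, and the sample wraps the thread's `<record>` in a constructed `<feedback>` root.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample: the <record> quoted in the thread inside a minimal <feedback> root.
SAMPLE_REPORT = """<feedback><record>
  <row>
    <source_ip>109.73.224.155</source_ip><count>10</count>
    <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated>
  </row>
  <identifiers><header_from>thevenusproject.com</header_from></identifiers>
  <auth_results>
    <dkim><domain>thevenusproject.com</domain><result>pass</result></dkim>
    <dkim><domain>thevenusproject.com</domain><result>fail</result></dkim>
    <spf><domain>thevenusproject.com</domain><result>pass</result></spf>
  </auth_results>
</record></feedback>"""


def find_mixed_dkim(report_xml):
    """Return one finding per (record, d= domain) whose DKIM results disagree."""
    if "<!DOCTYPE" in report_xml:  # reports come from third parties: refuse DTDs/entities
        raise ValueError("DOCTYPE not allowed in aggregate report")
    findings = []
    for record in ET.fromstring(report_xml).iter("record"):
        by_domain = defaultdict(list)
        for sig in record.findall("auth_results/dkim"):
            domain = (sig.findtext("domain") or "").strip().lower()
            # <selector> is optional in the report schema; the thread's sample has none
            selector = (sig.findtext("selector") or "").strip() or None
            result = (sig.findtext("result") or "").strip().lower()
            by_domain[domain].append((selector, result))
        for domain, sigs in by_domain.items():
            if len(sigs) > 1 and len({r for _, r in sigs}) > 1:
                findings.append({
                    "source_ip": record.findtext("row/source_ip"),
                    "count": int(record.findtext("row/count") or 0),
                    "domain": domain,
                    "signatures": sigs,
                    # DMARC's own DKIM verdict for the record, as the reporter evaluated it
                    "dmarc_dkim": record.findtext("row/policy_evaluated/dkim"),
                })
    return findings


if __name__ == "__main__":
    for finding in find_mixed_dkim(SAMPLE_REPORT):
        print(finding)
```

If the reporter includes `<selector>` and the two signers use different selectors, the selector on the failing entry shows which signer produced the broken signature.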