>In our testing at Cisco, we are seeing a small but significant number >of failure mainly due to various system bots that send naked CR's in >a message.
Yeah, there are a lot of badly written MUAs. > What I have found is that at the very least, sendmail and Ironport >handle these two cases differently. Right. Different MTAs do different, fairly random things to mail that isn't 2822 compliant. (They do random things to mail that is compliant, but their mutations to non-compliant mail are more extreme.) Trying to guess what's going to happen and to try to program around it is a guaranteed exercise in frustration. My strong suggestion is to say that if you want your DKIM signatures to interoperate, you should only sign compliant mail. If someone or something injects a non-compliant message to your MTA, fix it before signing it. It's hard for me to envision a situation where this isn't the right thing to do. This is what my qmail setup does now -- locally injected mail has formatting errors corrected and missing headers added before it's passed along, while incoming MX mail is just passed through except if it has bare linefeeds in which case it's rejected. There are a whole lot of ways to construct a not-quite-2822 message other than bare carriage returns, and I see no reason to try to revisit this well-trodden territory. R's, John _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
