At 08:54 24-03-2009, Mark Martinec wrote:
>So here is my list. Each entry reflects an actual case of received mail.
>Some of these may have been fixed meanwhile by the sending domain,
>so I'm not claiming that all of them still apply for the named domain.

[snip]

>- signing a Return-Path header field (e.g.: yahoo-inc.com, [email protected]);

This generally occurs with a specific MTA. It is not an RFC-compliant behavior.

>- signature includes Message-ID in h tag, but there was no Message-ID in
>  the original message at the time of signing. When a receiving MX inserts
>  a missing header field, it breaks the signature.

That header field is a SHOULD. It is not optional unless your view of implementation is restricted to "MUST". That can be fixed at the message submission stage.

>- missing or misplaced public key, e.g. signs as

[snip]

>- syntax errors in public key:

These two problems are generally caught during testing.

>- sendmail reformats long lists of addresses in a To header field,
>  which is why our site is not signing a To header field;

Does that cause a verification failure? If so, can you send me a test case off-list?

>- some mailers add a space after a colon, e.g. rewriting a
>  "Subject:foo" into a "Subject: foo"

This is an MTA-specific issue.

>- system time on the signing host is few minutes into the future,
>  dkim-milter considers it an invalid signature

There is a ClockDrift setting to deal with that. People generally do not notice this problem when they debug verification failures.

Regards,
-sm
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
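
Three of the failure cases discussed in this message, as an added example that is not part of the original message or of dkim-milter: relaxed header canonicalization (RFC 6376 section 3.4.2) applied to the "Subject:foo" rewrite, and a pre-signing check of the h= field list and the t= timestamp. The function names, the sample header list and the 300-second drift value are assumptions made for illustration.

```python
import re

def relaxed_header(line):
    """Relaxed header canonicalization (RFC 6376 section 3.4.2)."""
    name, _, value = line.rstrip("\r\n").partition(":")
    value = re.sub(r"\r?\n(?=[ \t])", "", value)       # unfold continuation lines
    value = re.sub(r"[ \t]+", " ", value).strip(" ")   # collapse WSP, trim both ends
    return name.strip().lower() + ":" + value           # lowercase name, no WSP at colon

def survives_rewrite(before, after):
    """Does the signed header hash input stay the same after an MTA rewrote the field?"""
    return {
        "simple": before == after,  # simple canonicalization changes nothing
        "relaxed": relaxed_header(before) == relaxed_header(after),
    }

def lint_signing(present, h_tag, t, now, drift=300):
    """Flag h= and t= choices that match the failure cases in the list above.

    present: header field names in the message at signing time
    h_tag:   value of the signature's h= tag (colon-separated names)
    t, now:  signature timestamp and verifier clock, in epoch seconds
    drift:   tolerated clock skew in seconds (assumed value)
    """
    have = {n.lower() for n in present}
    issues = []
    for n in (x.strip().lower() for x in h_tag.split(":")):
        if n == "return-path":
            issues.append("h= signs Return-Path")
        elif n not in have:
            issues.append("h= names %s, absent at signing: breaks if a later hop adds it" % n)
    if t > now + drift:
        issues.append("t= is %ds in the future (allowed drift %ds)" % (t - now, drift))
    return issues

# Constructed sample: fields present at signing, and a signature's h= tag.
PRESENT = ["From", "To", "Subject", "Date"]
H_TAG = "from:to:subject:date:message-id:return-path"

if __name__ == "__main__":
    print(survives_rewrite("Subject:foo\r\n", "Subject: foo\r\n"))
    for issue in lint_signing(PRESENT, H_TAG, t=1000400, now=1000000):
        print(issue)
```
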
