BetaRays writes:
> Are there any other tools I could use to check that my ed25519 DKIM
> signatures are in fact valid, or, if the issue is simply gmail rejecting
> anything with an algorithm it doesn’t know about (even though this case
> is mentionned in the DKIM specification), is there a way to remove the
> ed25519 signature only for that domain? (even if it means stripping an
> already calculated signature)
According to RFC 7489, "it is considered to be a DMARC 'pass' if any
DKIM signature is aligned and verifies."
Indeed, the email I'm replying to passed through GMail's filters just fine,
after going through the list server first:
Authentication-Results: mx.google.com;
dkim=pass header.i=@changeme.fr.eu.org header.s=20250128-rsa1024
header.b=MHoj1hIC;
dkim=neutral (no key) header.i=@changeme.fr.eu.org header.b=XVpwPOtM;
spf=pass (google.com: domain of ... designates 199.247.13.58 as
permitted sender) smtp.mailfrom="...";
dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=changeme.fr.
eu.org
So besides the two possibilities you mentioned, a third, more likely
possibility is that GMail grants your message a DMARC pass due to its
RSA signature, but still considers it probable spam due to other factors
important to its algorithms. For starters, I would wonder how Google
feels about your IP address and domain name.
