>My current guess is that is causing the DKIM check failure (also, I am >pretty sure that the rewritten email address is invalid). And this >happens with the sending from the GMail web interface, right? If that's >the case I believe the problem is at Stanford. I'll wait until I see >your headers, but if that's the case then maybe your best bet is to >complain to the people at Stanford (or get your Stanford contacts to >complain to them).
So, I took at the original message Bob was kind enough to send me, and with a close reading of RFC 6376 here's what I found: - Certain headers (and the body!) of the message are being mangled. Specifically, the Message-ID, From, Originator, To, Cc, Reply-to, In-Reply-To, and References header are being mangled. The mangling is of the form: Mister Foo Bar <[email protected]> turns into: Mister Foo Bar <[email protected] <[email protected]>> And you get things like: <[email protected]> turning into: <[email protected] <[email protected]>> And like I said, this happens in the body as well. Stuff that looks like a domain name in other headers gets turned into a URL, e.g.: DKIM-Signature: [...] d=gmail.com; [...] turns into: DKIM-Signature: [...] d=gmail.com <http://gmail.com>; [...] - The current message body, as given to me, does not pass the DKIM signature after it's been canonicalized. However, if you unmangle it then then DOES pass the DKIM body signature (as specified in the "bh" parameter of the DKIM-Signature header). In this case the body had an email address in it and the mangling screwed up the signature. - I tried verifying the DKIM signature of the headers after fixing them up, but I couldn't. This is kind of complicated and easy to get wrong, so I decided I didn't want to bother; I am sure that the mangling done here was causing the DKIM signature to fail. I have a hard time believing that Google is mangling email in such a way, but then again I would have had a hard time believing that Stanford would be mangling email in such a way. Since the DKIM hash of the body is correct if it's unmangled, I am pretty sure the problem is at Stanford's end. Why this is happening, I have no idea. I think you'll have to pursue this with Stanford (or get one of your correspondents to do that). --Ken _______________________________________________ Nmh-workers mailing list [email protected] https://lists.nongnu.org/mailman/listinfo/nmh-workers
