On Mon, Oct 06, 2014 at 12:11:33PM -0400, Ricardo Signes wrote:
> I've seen a number of messages about Yahoo! and DMARC failures, but none seem
> to touch on what I think is the big problem right now. If I missed this
> happening, I apologize.
>
> For some completely inexplicable reason, their DKIM signatures now (often, but
> not always) look like this:
>
>   DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
>     t=1412607024; bh=ZJ8Kpz6ZlqWM7sz40HW3fMAm5i4O9s27k2poen3h01U=;
>     h=Received:Received:Received:X-Yahoo-Newman-Property:X-Yahoo-Newman-Id:X-YMail-OSG:Date:From:Reply-To:To:Message-ID:Subject:MIME-Version:Content-Type:Content-Length:From:Subject;
> ...
>

It is also odd that they sign "Received" headers; I thought BCP
was to avoid doing that:

    http://tools.ietf.org/html/rfc4871#section-5.5

    The following header fields SHOULD NOT be included in the signature:

       o  Return-Path
       o  Received
       o  Comments, Keywords
       o  Bcc, Resent-Bcc
       o  DKIM-Signature

--
Viktor.
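
A check for the point raised in this thread, as an added example that is not part of either message: it parses the quoted DKIM-Signature header and reports which fields named in its h= tag are on the RFC 4871 section 5.5 SHOULD NOT list. The function names are illustrative, and the sample header leaves out the tags elided ("...") in the quote.

```python
import re
from collections import Counter

# Fields RFC 4871 section 5.5 says SHOULD NOT be signed (list as quoted above).
SHOULD_NOT_SIGN = {"return-path", "received", "comments", "keywords",
                   "bcc", "resent-bcc", "dkim-signature"}

# Signature header from the quoted message; tags elided there are not included.
SAMPLE = (
    "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;\r\n"
    " t=1412607024; bh=ZJ8Kpz6ZlqWM7sz40HW3fMAm5i4O9s27k2poen3h01U=;\r\n"
    " h=Received:Received:Received:X-Yahoo-Newman-Property:X-Yahoo-Newman-Id:"
    "X-YMail-OSG:Date:From:Reply-To:To:Message-ID:Subject:MIME-Version:"
    "Content-Type:Content-Length:From:Subject;\r\n"
)

def parse_tags(header):
    """Split a DKIM-Signature header into its tag=value pairs."""
    name, _, value = header.partition(":")
    if name.strip().lower() != "dkim-signature":
        raise ValueError("not a DKIM-Signature header")
    value = re.sub(r"\r?\n[ \t]+", " ", value)  # unfold continuation lines
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            key, _, val = part.partition("=")  # first "=" only: bh= ends in "="
            tags[key.strip()] = val.strip()
    return tags

def signed_fields(header):
    """Return a Counter of lowercased field names listed in the h= tag."""
    h = parse_tags(header).get("h", "")
    # Whitespace is allowed around the colons in h=, so strip it out.
    names = [re.sub(r"\s+", "", n).lower() for n in h.split(":")]
    return Counter(n for n in names if n)

def discouraged_fields(header):
    """Map each signed field on the SHOULD NOT list to how often h= names it."""
    counts = signed_fields(header)
    return {n: c for n, c in counts.items() if n in SHOULD_NOT_SIGN}

if __name__ == "__main__":
    tags = parse_tags(SAMPLE)
    print("domain:", tags["d"], "selector:", tags["s"])
    for name, count in discouraged_fields(SAMPLE).items():
        print(f"h= lists {name} x{count} (RFC 4871 5.5: SHOULD NOT)")
```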