On Tue, Nov 11, 2025 at 06:58:09PM +0100, Thomas Barth via users wrote:
> the scoring of SpamAssassin is somehow wrong.
>
> From the header
> Authentication-Results: ...;
>   dkim=fail reason="signature verification failed" (2048-bit key;
>   unprotected) header.d=pt838.cc ...
>
> But SpamAssassin gives a bonus:
> DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,
> DKIM_VALID_EF=-0.1, DMARC_PASS=-0.001,
>
> Why the bonus and no DKIM_INVALID?

It's hard to say without the whole email sample being put up somewhere.
(If you can't share it for privacy reasons, perhaps you can construct
a minimal viable example which fails in the same way but should pass,
and share that instead.)

Other than that: Which SA version? Is that Authentication-Results from
your SA or something else? What is its full output? Are there other
headers related to authentication?

e.g. as the docs say:

    describe DKIM_VALID Message has at least one valid DKIM or DK signature

So it may be that there are multiple signatures, and ONE of them is
valid (and some [or all] of the others are not).

And especially, what does "spamassassin -D -t" say when you pass that
message through it?

-- 
Opinions above are GNU-copylefted.
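
The multiple-signature possibility raised above can be checked from the headers alone. This is an added example, not part of the original message and not SpamAssassin code: it lists each DKIM-Signature domain and each dkim= result in Authentication-Results for a constructed sample, without doing any cryptographic verification. The function names and the example.* domains are assumptions.

```python
import re
from email import message_from_string

# Constructed sample (not the message from the thread): two signatures,
# one reported as failing and one as passing by the receiving MTA.
SAMPLE = """\
Authentication-Results: mx.example.org;
\tdkim=fail reason="signature verification failed" (2048-bit key;
\tunprotected) header.d=example.com header.s=sel1;
\tdkim=pass (1024-bit key) header.d=example.net header.s=sel2
DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel1; h=from; bh=x; b=y
DKIM-Signature: v=1; a=rsa-sha256; d=example.net; s=sel2; h=from; bh=x; b=y
From: someone@example.com

body
"""

def signing_domains(msg):
    """Return the d= tag of every DKIM-Signature header, in header order."""
    out = []
    for value in msg.get_all("DKIM-Signature", []):
        pairs = (t.split("=", 1) for t in value.split(";") if "=" in t)
        tags = {k.strip(): v.strip() for k, v in pairs}
        out.append(tags.get("d", ""))
    return out

def reported_dkim_results(msg):
    """Return [(result, header.d)] for each dkim= entry in Authentication-Results."""
    out = []
    for value in msg.get_all("Authentication-Results", []):
        flat = " ".join(value.split())            # undo header folding
        flat = re.sub(r'"[^"]*"', '""', flat)     # quoted reason may contain ';'
        flat = re.sub(r"\([^()]*\)", "", flat)    # so may comments, e.g. "(2048-bit key; unprotected)"
        for part in flat.split(";"):
            m = re.match(r"\s*dkim=(\w+)", part)
            if m:
                d = re.search(r"header\.d=(\S+)", part)
                out.append((m.group(1).lower(), d.group(1) if d else None))
    return out

def summarize(raw):
    """Summarize signatures present and what the upstream verifier reported."""
    msg = message_from_string(raw)
    results = reported_dkim_results(msg)
    return {"signatures": signing_domains(msg),
            "results": results,
            "any_pass": any(r == "pass" for r, _ in results),
            "all_pass": bool(results) and all(r == "pass" for r, _ in results)}
```

On the sample, any_pass is true while all_pass is false, which is the situation where a "fail" entry in Authentication-Results and a rule described as "at least one valid signature" can both be accurate.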
