Is anyone here forwarding your bind-users messages to gmail or a google-hosted domain?
Bjørn Mork
bjorn at mork.no
Wed Apr 20 08:55:17 UTC 2022
Dan Mahoney <dmahoney at isc.org> writes:
> We've seen a number of messages reported to us as having an isc.org "from"
> address, and as having our dkim signatures, but the signatures failing to
> verify, perhaps because a forwarder may have added a subject tag or
> rewritten some other header. Of course, SPF also fails because those
> servers aren't in our SPF record.
I don't forward to gmail, but I've noticed that my DKIM signature on
messages to this list fail verification. I believe this problem is
specific to this list, as it doesn't happen with most other lists.
I assume the reason is the body modfications by the list server.
See for example <87mtgsx4n4.fsf at miraculix.mork.no> from Sun, 10 Apr 2022
18:52:15 +0200
Or you can just look at this messages, which will have a valid DKIM
signature when received by the lists.isc.org mx. But most likely messed
up when forwarded from lists.isc.org.
I'm pretty sure the invalid DKIM signature counts as negative for gmail
even if the ISC DKIM signature is valid. And fixing that should be
within your control?
Bjørn
More information about the bind-users
mailing list