Mark Martinec wrote:
> John Levine wrote:
>> It is certainly the kind of bug that occurs in PHP scripts when the
>> programmer doesn't perfectly understand the quoting rules. It's
>> happened to me.
>
> I'm collecting a set of common mistakes breaking DKIM signatures.

Pulling up a message from a while ago. Mark, did you ever get further with your set of common mistakes?

I had occasion to look at a number of DNS key records, and find the following common mistakes:

Sample size: 65456 DNS _domainkey (DKIM+DK) records

     16  missing semi-colons between fields
      1  missing any separators (k=rsap=....)
     14  invalid quotation marks (") surrounding the entire record
      2  invalid \" surrounding the entire record
      5  invalid parens or paren+quotes surrounding the entire record
     47  \-quoted characters, particularly \;
      9  TTL value or other random DNS data showing up in the record
      1  TTL value being in the record instead of the public key
     17  random characters in the record, e.g. {, CRLF, backspace, SUB, >
    113  SPF records being returned
     13  key only, no p= or any other options
      1  encoded ; as %3B
      1  missing tag before =
      8  other data in record (dkim=all, O=-, r=, &, ")
      1  v=DKIM1 not first field in record
     50  other random errors
    ---
    299

I was not able to verify if any of the keys that had spaces within them were actually valid keys or not.

The good news is that of the sample, the majority of the records were just fine.

I'm wondering if there is a need for a web interface at dkim.org that would validate someone's _domainkey TXT record. Thoughts?

Tony Hansen
t...@att.com
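
A small linter for several of the mistake classes tallied above, as an added example that is not part of the original post and not an existing dkim.org tool. The issue names, the `lint_domainkey` function and the sample key are constructed for illustration, and the missing-separator check is a heuristic.

```python
import base64, binascii, re

# Key-record tags from RFC 6376 section 3.6.1, plus the legacy g= tag.
KNOWN_TAGS = {"v", "g", "h", "k", "n", "p", "s", "t"}
# Constructed placeholder, not a real public key (27 bytes, so no '=' padding).
SAMPLE_KEY = base64.b64encode(b"constructed-not-a-real-key!").decode()

def lint_domainkey(txt):
    """Return a list of issue codes for one _domainkey TXT record string."""
    issues = []
    rec = txt.strip()
    if rec.lower().startswith("v=spf1"):
        return ["spf-record"]              # wrong record type published
    if len(rec) > 1 and rec[0] in "\"(" and rec[-1] in "\")":
        issues.append("wrapped-in-quotes-or-parens")
        rec = rec.strip("\"() ")
    if "\\" in rec:
        issues.append("backslash-quoting")  # e.g. \; left over from zone-file escaping
        rec = rec.replace("\\", "")
    if "%3b" in rec.lower():
        issues.append("percent-encoded-semicolon")
    if any(ord(c) < 0x20 and c not in "\t\r\n" for c in rec):
        issues.append("control-characters")
    seen = []
    for field in filter(None, (f.strip() for f in rec.split(";"))):
        tag, eq, value = field.partition("=")
        tag, value = tag.strip(), value.strip()
        if not eq:
            issues.append("field-without-tag")   # e.g. bare key data
            continue
        if not re.fullmatch(r"[A-Za-z][A-Za-z0-9_]*", tag):
            issues.append("missing-or-invalid-tag-name")
            continue
        seen.append(tag)
        if tag not in KNOWN_TAGS:
            issues.append("unknown-tag:" + tag)
        # Heuristic: '=' inside a value (beyond base64 padding) suggests a lost ';'.
        if tag != "n" and "=" in value.rstrip("="):
            issues.append("missing-separator-after:" + tag)
        elif tag == "p":
            try:
                base64.b64decode(re.sub(r"\s+", "", value), validate=True)
            except (binascii.Error, ValueError):
                issues.append("p-not-base64")
    if "v" in seen and seen[0] != "v":
        issues.append("v-not-first")
    if "p" not in seen:
        issues.append("no-p-tag")
    return issues
```

Run it over the TXT strings as returned by the resolver, after the DNS library has joined the character-strings, so that quoting seen by the linter is quoting a verifier would also see.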