Thanks for the input! Steve -- I've been on a couple calls with Securence and they're not willing to stop the message-id modification. They did offer to tack on .invalid to the FROM address to bypass our DMARC, but I'm not a big fan of that idea. They said they're handling each p=reject on a case-by-case basis, so I'm pretty sure it's breaking for a lot of their other customers. I'm not really sure how to convince them DMARC is a real thing they need to deal with.
Kurt -- From all the samples I've seen, message-id is the only thing getting changed. I'll ask if I can provide you with their contact info and follow up with you. On Thu, May 26, 2016 at 3:36 PM, Kurt Andersen (b) <kb...@drkurt.com> wrote: > On Thu, May 26, 2016 at 1:25 PM, Joel Beckham <j...@bombbomb.com> wrote: > >> Are there any negative consequences to consider before excluding >> message-id from our signature? >> >> ...found that Securence / usinternet.com (A forwarder) gets a measurable >> percentage of our mail and modifies the message-id in the process. This >> breaks our DKIM signature and causes DMARC to fail at the destination. >> Working directly with them, I've learned that they're unable to preserve >> the signed message-id. > > > This seems like an odd thing to change. Are you sure that there is nothing > else that they are doing to your messages which will break the signature? > > Having worked on the DMARC interoperability catalog (for the IETF DMARC > WG), I'd be interested in talking a bit more with Securence if you can > provide contact info off-list so that I can find out if we have captured > their issue(s) in the catalog. > > --Kurt Andersen >
_______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop