Hi,
I should be able to point you to the right people that can help . I'll
reach out off list.
Cheers
Ashley
On 5/20/20 1:43 PM, Hagop Khatchoian via mailop wrote:
Hi,
I've been working with several domains that use AmazonSES and been
analyzing DMARC Aggregate and Failure reports accordingly.
Majority of Reporters (Google, Comcast, Verizon) are verifying DKIM
Signature, but been receiving Failure/Forensic reports from
AntiSpamCloud (Thankfully we got some providers who still send Failure
reports) indicating this:
/X-SPF-Result: mx178.antispamcloud.com: domain of
eu-west-1.amazonses.com designates 54.240.7.21 as permitted sender/
/X-DKIM-Status: none / / eu-west-1.amazonses.com / / //
/X-DKIM-Status: fail / signature_incorrect / domain.com / domain.com /
/ quffadg26ibodxkvgsxvf2jd7ykxirwf/
/X-DKIM-Status: fail / signature_incorrect / amazonses.com /
amazonses.com / / shh3fegwg5fppqsuzphvschd53n6ihuv/
So basically, what I can conclude myself is:
AmazonSES signs the outgoing emails from their servers with 2 DKIM
Signatures (One from AmazonSES, the other from the registered domain
who created custom DKIM Record.
Interestingly, AntiSpamCloud is labeling those both signatures as
"incorrect" and failing the authentication.
Have anyone else included this exact issue? What did you do to solve it?
Bonus: Not sure if this cause any issues, but AmazonSES provides DKIM
Public Signature with just "p=[key]" ; there's nothing in regards to
"v=DKIM1, or any other tags" --
Please let me know if you can help me debug this.
Cheers,
Hagop Khatchoyan
Email Deliverability and Security Engineer
Mob(Whatsapp/Telegram/Viber): +374 98 028628
_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
