Hi We’ve started getting support tickets from customers that their DMARC reports from Google are showing DKIM failed for our ed25519 keys. The rsa keys still show as valid/pass, so overall it passes.
What’s the best way of escalating such an issue to the developers at Google? I’d prefer it, if both set of keys turned up in the report as passed. Kind Regards, Sidsel Jensen Team manager Mail & Abuse, Systems Engineer @ One.com <http://one.com/> > On 5 Nov 2021, at 12.22, Slavko via mailop <mailop@mailop.org> wrote: > > Dňa 5. 11. o 9:31 Patrick Ben Koetter via mailop napísal(a): >> rspamd, which has been used in the example avove, seems to handle >> ed25519-sha256 verification quite well. Anyone using other DKIM verifiers >> which have problems with ed25519-sha256 verification and take it badly i.e. >> do >> anything else but note "unsupported algo" and go on happily verifying the >> second rsa-sha256 sigs? > > I use dual sign with ed25519 keys and i have enabled rua reports. While > my domain is very low traffic, i have only small amount of reports. But > i see that e.g. google verifies RSA keys as success and ED25519 keys are > failed, but this does not affects DMARC success verification. > > E.g. reports from amazon-ses are lacking ed25519 keys at all, but again > DMARC was success. > > When i start to use de25519 keys, i tried multiple online verifiers and > most of RSA only reports message as failed DKIM at all when they meet > ED25519 key. Then yes one can meet implementation which will fail DKIM, > if it meet unknown algorihtm, but IMO it is pure its problem, which have > to be solved from their side, as it is broken behavior. > > regards > slavko > _______________________________________________ > mailop mailing list > mailop@mailop.org > https://list.mailop.org/listinfo/mailop
signature.asc
Description: Message signed with OpenPGP
_______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
