To answer your first question: a lot of mail is double signed. Signing with 2 
identical d= but different s= is unusual, but I don’t think it’s prohibited 
anywhere. I also don’t think the RFC addresses anything about mail disposition 
in case of failures. It could be that the 2 identical d=, one passing and one 
failing, are causing a spam filter somewhere to act up. 

Given the problem is inside your infrastructure, the easiest fix is probably on 
your end. I’ve not had good experiences getting 3rd parties to modify these 
kinds of decisions (even when they’re clearly buggy and acting in ways that are 
probably unintended) and they often have what they perceive as valid reasons 
for making them. 

laura 



> On 26 Aug 2022, at 11:02, Stefan Bauer via mailop <mailop@mailop.org> wrote:
> 
> The other party is putting our mails in junk/spam folder. Mail is not 
> rejected and reports that the reason is invalid DKIM signature.
> 
> On Fri, 26 Aug 2022 at 11:56, Laura Atkins via mailop 
> <mailop@mailop.org> wrote:
> When you say “fail” do you mean the mail is being rejected? Or just that one 
> signature is failing to verify with DKIM? 
> 
> laura 
> 
> 
> 
>> On 26 Aug 2022, at 10:32, Stefan Bauer via mailop <mailop@mailop.org> wrote:
>> 
>> Hi folks,
>> 
>> Are 2 DKIM signatures in a mail with different s= but for the same d= a problem 
>> in general?
>> 
>> According to RFC 6376 4.2 I would say no, the receiver should check both 
>> signatures and not perm fail on the first, however we see some trouble with 
>> some recipients:
>> 
>> Log from receivers:
>> 
>> 2022-08-22T06:35:38+02:00 S2VG300MR01 MTA[10124]: 2022-08-22 06:35:38 
>> [10124] 1oPzA2-0002dI-Qd acl_check_dkim: fail domain.tld domain.tld
>> 2022-08-22T06:35:38+02:00 S2VG300MR01 MTA[10124]: 2022-08-22 06:35:38 
>> [10124] 1oPzA2-0002dI-Qd DKIM: d=domain.tld s=18022801 c=relaxed/relaxed 
>> a=rsa-sha256 b=2048 t=1661142932 [verification failed - signature did not 
>> verify (headers probably modified in transit)]
>> 
>> We have 2 mail worlds that send mail for the same domain. Sometimes, a mail 
>> from world 1 enters world 2, gets processed and is sent to a third party. This 
>> way, the mail has 2 signatures.
>> 
>> Thank you.
>> 
>> Stefan
>> 
>> 
>> _______________________________________________
>> mailop mailing list
>> mailop@mailop.org <mailto:mailop@mailop.org>
>> https://list.mailop.org/listinfo/mailop 
>> <https://list.mailop.org/listinfo/mailop>
> 
> -- 
> The Delivery Experts
> 
> Laura Atkins
> Word to the Wise
> la...@wordtothewise.com
> 
> Email Delivery Blog: http://wordtothewise.com/blog

-- 
The Delivery Experts

Laura Atkins
Word to the Wise
la...@wordtothewise.com         

Email Delivery Blog: http://wordtothewise.com/blog      
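
An added example, not part of the original thread: a small parser for Exim-style `DKIM:` log lines like the one quoted above, which groups results by message and d= and flags the mixed case discussed here (same d=, different s=, one signature verifying and one failing). The sample lines are constructed; the second selector name, the second message and the `[verification succeeded]` line are assumptions. The verdict rule follows the reading of RFC 6376 4.2 given in the thread, that each signature is checked on its own.

```python
import re
from collections import defaultdict

# Constructed sample lines modelled on the receiver log quoted in the thread.
# s=selector2, the second message and the success line are assumptions.
SAMPLE_LOG = """\
2022-08-22 06:35:38 [10124] 1oPzA2-0002dI-Qd DKIM: d=domain.tld s=18022801 c=relaxed/relaxed a=rsa-sha256 b=2048 t=1661142932 [verification failed - signature did not verify (headers probably modified in transit)]
2022-08-22 06:35:38 [10124] 1oPzA2-0002dI-Qd DKIM: d=domain.tld s=selector2 c=relaxed/relaxed a=rsa-sha256 b=2048 t=1661142935 [verification succeeded]
2022-08-22 06:40:02 [10131] 1oPzE9-0002eX-Ab DKIM: d=other.example s=mail c=relaxed/relaxed a=rsa-sha256 b=2048 [verification failed - body hash mismatch (body probably modified in transit)]
"""

# message id, then the tag=value run, then the bracketed result text
LINE_RE = re.compile(
    r"(?P<msgid>\S+) DKIM: (?P<tags>(?:\w+=\S+ )+)\[(?P<result>[^\]]*)\]")


def parse(log_text):
    """Return {(msgid, d): {selector: verified}} from DKIM result lines."""
    results = defaultdict(dict)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a per-signature DKIM result line
        tags = dict(t.split("=", 1) for t in m["tags"].split())
        ok = m["result"].startswith("verification succeeded")
        results[(m["msgid"], tags["d"])][tags["s"]] = ok
    return dict(results)


def evaluate(results):
    """One verifying signature is enough for a d= to pass on a message."""
    report = {}
    for key, selectors in results.items():
        passed = sorted(s for s, ok in selectors.items() if ok)
        failed = sorted(s for s, ok in selectors.items() if not ok)
        report[key] = {
            "verdict": "pass" if passed else "fail",
            "mixed": bool(passed and failed),  # the case in this thread
            "failed_selectors": failed,
        }
    return report


if __name__ == "__main__":
    for (msgid, domain), info in evaluate(parse(SAMPLE_LOG)).items():
        print(msgid, domain, info)
```

Messages reported with `mixed` set are the ones to compare against a receiver that files the mail as spam, and `failed_selectors` shows which of the two signing systems produced the signature that did not survive.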