My $DAYJOB has a service that does some email processing for customers
with Microsoft email, where MS gets a message, passes it to us with a
criteria based route, and then we pass it back to MS. We are setting up
ARC to meet MS's requirements, and I have found that MS is passing
messages to us with already-broken ARC sealing.
Specifically, if a Hotmail user (or any MS email user in a different
domain I believe) sends a message, it gets a bunch MS-specifc headers,
some of which are then included in the ARC-Message-Signature header
list. The specific problem headers are:
X-MS-Exchange-AntiSpam-MessageData-0
X-MS-Exchange-AntiSpam-MessageData-ChunkCount
Then the message goes to a different MS server for the recipient domain,
which does a second ARC seal, including those same headers in the AMS
list. However, AFTER doing the seal, MS renames those headers,
inserting a "-Original" in the name (I assume because second MS server
sees "my header from an outside source"). Since they do this after
sealing, the message always gets to my edge server and fails an ARC
verify.
My understanding of the whole ARC process is that you should verify on
input, do any processing/modifications you need to do, then seal on
output (and not change the message from that point).
Am I misunderstanding, or is this a bug on MS's end? If it's a bug...
any ideas on how to get that through to the right people at MS? I'm
guessing front-line support is not going to understand this.
--
Chris Adams <c...@cmadams.net>
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
