My $DAYJOB has a service that does some email processing for customers with Microsoft email, where MS gets a message, passes it to us with a criteria based route, and then we pass it back to MS. We are setting up ARC to meet MS's requirements, and I have found that MS is passing messages to us with already-broken ARC sealing.
Specifically, if a Hotmail user (or any MS email user in a different domain I believe) sends a message, it gets a bunch MS-specifc headers, some of which are then included in the ARC-Message-Signature header list. The specific problem headers are: X-MS-Exchange-AntiSpam-MessageData-0 X-MS-Exchange-AntiSpam-MessageData-ChunkCount Then the message goes to a different MS server for the recipient domain, which does a second ARC seal, including those same headers in the AMS list. However, AFTER doing the seal, MS renames those headers, inserting a "-Original" in the name (I assume because second MS server sees "my header from an outside source"). Since they do this after sealing, the message always gets to my edge server and fails an ARC verify. My understanding of the whole ARC process is that you should verify on input, do any processing/modifications you need to do, then seal on output (and not change the message from that point). Am I misunderstanding, or is this a bug on MS's end? If it's a bug... any ideas on how to get that through to the right people at MS? I'm guessing front-line support is not going to understand this. -- Chris Adams <c...@cmadams.net> _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop