Re: [mailop] Mysterious DKIM failure.

2016-12-13 Thread Vick Khera 
On Mon, Dec 12, 2016 at 3:23 PM, Steve Atkins  wrote:

>o Use quoted-printable for all body text
>

This one bit me pretty well with AOL a few years ago -- rewriting of 8-bit
to 7-bit. The only solution was to QP encode everything.
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mysterious DKIM failure.

2016-12-13 Thread Valdis . Kletnieks 
On Mon, 12 Dec 2016 13:26:04 -0700, Luke Martinez via mailop said:

> Whether or not you should ignore changes to whitespace and capitalization
> seems like a fairly trivial thing.

Not when you're talking about a cryptographic signature, where a single
changed bit should change the signature drastically.


pgpvlrqjHabwc.pgp
Description: PGP signature
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mysterious DKIM failure.

2016-12-12 Thread Maarten Oelering 
Good point. Due to DMARC these issues will be more apparent. We will revisit 
our encoding and canocalization guidelines.

Thanks,

Maarten

> On 12 Dec 2016, at 21:23, Steve Atkins  wrote:
> 
>> 
>> On Dec 12, 2016, at 12:15 PM, Maarten Oelering > > wrote:
>> 
>> DKIMCore promotes the use of simple body canocalization: 
>> http://dkimcore.org/deployment/dkim.html 
>> .
> 
> Something that might not be the most robust configuration, given Microsoft's 
> whitespace issues, though at the time it was written the failure modes in the 
> body of the message tended to be more spectacular than relaxed 
> canonicalization would help with.
> 
> (And the author contradicts himself in todays blog post: 
> https://wordtothewise.com/2016/12/dkim-canonicalization-or-why-microsoft-breaks-your-mail/
>  
> 
>  )
> 
>> 
>> Should ESPs use relaxed body canocalization instead to avoid these (rare) 
>> validation issues?
> 
> Yes. They should also probably:
> 
>   o Not use tabs for whitespace.
> 
>   o Use email addresses of the form "friendly address" 
> 
>   o Avoid lines longer than 80 characters
> 
>   o Use quoted-printable for all body text
> 
>   o ...
> 
> None of this is particularly important when the only fallout of a DKIM 
> validation failure is "meh, it's email". DKIM is fragile in transit, we know 
> that.
> 
> It goes wrong when people also deploy DMARC with p=reject, which repurposes 
> DKIM and SPF to make negative rather than positive assertions, so actually 
> fails when both DKIM and SPF fail to validate. So we have to care more now.
> 
> Cheers,
>  Steve

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mysterious DKIM failure.

2016-12-12 Thread Luke Martinez via mailop 
Famous last words but...What's the worst that could happen? :)

Whether or not you should ignore changes to whitespace and capitalization
seems like a fairly trivial thing.

On Mon, Dec 12, 2016 at 1:15 PM, Maarten Oelering 
wrote:

> DKIMCore promotes the use of simple body canocalization: http://
> dkimcore.org/deployment/dkim.html.
>
> Should ESPs use relaxed body canocalization instead to avoid these (rare)
> validation issues?
>
> Thanks,
>
> Maarten Oelering
> Postmastery
>
> On Sun, 11 Dec 2016 at 20:29, Steve Atkins  wrote:
>
>> >
>>
>> > On Dec 11, 2016, at 8:53 AM, Dave Crocker  wrote:
>>
>> >
>>
>> > On 12/10/2016 8:08 AM, Al Iverson wrote:
>>
>> >> Suggestion...modify the template to remove all the tabs or replace
>>
>> >> them with spaces, and try again. If it passes on both, then you've
>>
>> >> found that something in the delivery path is replacing tabs with
>>
>> >> spaces, invalidating the DKIM signature.
>>
>> >
>>
>> >
>>
>> > The original DKIM header field seems to show use of 'relaxed' which
>> ought to make sp/tab transformations transparent.
>>
>> >
>>
>> >"Convert all sequences of one or more WSP characters to a single SP
>>
>> > character."
>>
>> >
>>
>> > hmmm...
>>
>>
>>
>> c=relaxed is identical to c=relaxed/simple, so these messages sent with
>> c=relaxed are sensitive to whitespace changes in the body.
>>
>>
>>
>> (Not the first time I've seen this, and it's arguably a usability bug in
>> the DKIM spec.)
>>
>>
>>
>> Cheers,
>>
>>  Steve
>>
>> ___
>>
>> mailop mailing list
>>
>> mailop@mailop.org
>>
>> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>>
>>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
>


-- 

Luke Martinez
Team Lead | Email Delivery
520.400.5693
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mysterious DKIM failure.

2016-12-12 Thread Steve Atkins 

> On Dec 12, 2016, at 12:15 PM, Maarten Oelering  
> wrote:
> 
> DKIMCore promotes the use of simple body canocalization: 
> http://dkimcore.org/deployment/dkim.html.

Something that might not be the most robust configuration, given Microsoft's 
whitespace issues, though at the time it was written the failure modes in the 
body of the message tended to be more spectacular than relaxed canonicalization 
would help with.

(And the author contradicts himself in todays blog post: 
https://wordtothewise.com/2016/12/dkim-canonicalization-or-why-microsoft-breaks-your-mail/
 )

> 
> Should ESPs use relaxed body canocalization instead to avoid these (rare) 
> validation issues?

Yes. They should also probably:

   o Not use tabs for whitespace.

   o Use email addresses of the form "friendly address" 

   o Avoid lines longer than 80 characters

   o Use quoted-printable for all body text

   o ...

None of this is particularly important when the only fallout of a DKIM 
validation failure is "meh, it's email". DKIM is fragile in transit, we know 
that.

It goes wrong when people also deploy DMARC with p=reject, which repurposes 
DKIM and SPF to make negative rather than positive assertions, so actually 
fails when both DKIM and SPF fail to validate. So we have to care more now.

Cheers,
  Steve

> 
> Thanks,
> 
> Maarten Oelering
> Postmastery
> 
> On Sun, 11 Dec 2016 at 20:29, Steve Atkins  wrote:
> >
> 
> > On Dec 11, 2016, at 8:53 AM, Dave Crocker  wrote:
> 
> >
> 
> > On 12/10/2016 8:08 AM, Al Iverson wrote:
> 
> >> Suggestion...modify the template to remove all the tabs or replace
> 
> >> them with spaces, and try again. If it passes on both, then you've
> 
> >> found that something in the delivery path is replacing tabs with
> 
> >> spaces, invalidating the DKIM signature.
> 
> >
> 
> >
> 
> > The original DKIM header field seems to show use of 'relaxed' which ought 
> > to make sp/tab transformations transparent.
> 
> >
> 
> >"Convert all sequences of one or more WSP characters to a single SP
> 
> > character."
> 
> >
> 
> > hmmm...
> 
> 
> 
> c=relaxed is identical to c=relaxed/simple, so these messages sent with 
> c=relaxed are sensitive to whitespace changes in the body.
> 
> 
> 
> (Not the first time I've seen this, and it's arguably a usability bug in the 
> DKIM spec.)
> 
> 
> 
> Cheers,
> 
>  Steve
> 
> ___
> 
> mailop mailing list
> 
> mailop@mailop.org
> 
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
> 


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mysterious DKIM failure.

2016-12-12 Thread Maarten Oelering 
DKIMCore promotes the use of simple body canocalization:
http://dkimcore.org/deployment/dkim.html.

Should ESPs use relaxed body canocalization instead to avoid these (rare)
validation issues?

Thanks,

Maarten Oelering
Postmastery

On Sun, 11 Dec 2016 at 20:29, Steve Atkins  wrote:

> >
>
> > On Dec 11, 2016, at 8:53 AM, Dave Crocker  wrote:
>
> >
>
> > On 12/10/2016 8:08 AM, Al Iverson wrote:
>
> >> Suggestion...modify the template to remove all the tabs or replace
>
> >> them with spaces, and try again. If it passes on both, then you've
>
> >> found that something in the delivery path is replacing tabs with
>
> >> spaces, invalidating the DKIM signature.
>
> >
>
> >
>
> > The original DKIM header field seems to show use of 'relaxed' which
> ought to make sp/tab transformations transparent.
>
> >
>
> >"Convert all sequences of one or more WSP characters to a single SP
>
> > character."
>
> >
>
> > hmmm...
>
>
>
> c=relaxed is identical to c=relaxed/simple, so these messages sent with
> c=relaxed are sensitive to whitespace changes in the body.
>
>
>
> (Not the first time I've seen this, and it's arguably a usability bug in
> the DKIM spec.)
>
>
>
> Cheers,
>
>  Steve
>
> ___
>
> mailop mailing list
>
> mailop@mailop.org
>
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
>
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mysterious DKIM failure.

2016-12-11 Thread Dave Crocker 

On 12/11/2016 9:41 AM, Luke Martinez wrote:

believe if only one canonicalization tag is specified, the other
defaults to "simple" So in this case, "relaxed" is the header
canonicalization, and the body canonicalization would be "simple" which
tolerates no modification.



Ahhh. Thanks for catching that.

My recent record, since I'm not hands on these days, is to usually miss 
an essential point, so I was expecting this outcome.  Just couldn't 
figure out which specific it would be...


d.
--

  Dave Crocker
  Brandenburg InternetWorking
  bbiw.net

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mysterious DKIM failure.

2016-12-11 Thread Steve Atkins 
> 
> On Dec 11, 2016, at 8:53 AM, Dave Crocker  wrote:
> 
> On 12/10/2016 8:08 AM, Al Iverson wrote:
>> Suggestion...modify the template to remove all the tabs or replace
>> them with spaces, and try again. If it passes on both, then you've
>> found that something in the delivery path is replacing tabs with
>> spaces, invalidating the DKIM signature.
> 
> 
> The original DKIM header field seems to show use of 'relaxed' which ought to 
> make sp/tab transformations transparent.
> 
>"Convert all sequences of one or more WSP characters to a single SP
> character."
> 
> hmmm...

c=relaxed is identical to c=relaxed/simple, so these messages sent with 
c=relaxed are sensitive to whitespace changes in the body.

(Not the first time I've seen this, and it's arguably a usability bug in the 
DKIM spec.)

Cheers,
 Steve
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mysterious DKIM failure.

2016-12-11 Thread Luke Martinez via mailop 
Dave,

I believe if only one canonicalization tag is specified, the other defaults
to "simple" So in this case, "relaxed" is the header canonicalization, and
the body canonicalization would be "simple" which tolerates no
modification.

Its a good thought though. If this turns out to be a whitespace issue, ESPs
could alleviate some of the pain by specifying c=relaxed/relaxed instead of
c=relaxed. I will do some testing on monday and report back. Really
appreciate all the insights from everyone.

On Sun, Dec 11, 2016 at 9:53 AM, Dave Crocker  wrote:

> On 12/10/2016 8:08 AM, Al Iverson wrote:
>
>> Suggestion...modify the template to remove all the tabs or replace
>> them with spaces, and try again. If it passes on both, then you've
>> found that something in the delivery path is replacing tabs with
>> spaces, invalidating the DKIM signature.
>>
>
>
> The original DKIM header field seems to show use of 'relaxed' which ought
> to make sp/tab transformations transparent.
>
>  "Convert all sequences of one or more WSP characters to a single SP
>   character."
>
> hmmm...
>
> d/
>
>
> --
>
>   Dave Crocker
>   Brandenburg InternetWorking
>   bbiw.net
>
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>



-- 

Luke Martinez
Team Lead | Email Delivery
520.400.5693
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mysterious DKIM failure.

2016-12-11 Thread Dave Crocker 

On 12/10/2016 8:08 AM, Al Iverson wrote:

Suggestion...modify the template to remove all the tabs or replace
them with spaces, and try again. If it passes on both, then you've
found that something in the delivery path is replacing tabs with
spaces, invalidating the DKIM signature.



The original DKIM header field seems to show use of 'relaxed' which 
ought to make sp/tab transformations transparent.


 "Convert all sequences of one or more WSP characters to a single SP
  character."

hmmm...

d/


--

  Dave Crocker
  Brandenburg InternetWorking
  bbiw.net

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mysterious DKIM failure.

2016-12-10 Thread Alan Hodgson 
On Saturday 10 December 2016 23:19:26 Bill Cole wrote:
> FWIW, Exchange has a long history of playing silly buggers with message
> whitespace. I would expect MS to have learned to stop that by now, but,
> well, MS...
> 

https://blogs.msdn.microsoft.com/tzink/2016/05/19/why-does-my-email-from-facebook-that-i-forward-from-my-outlook-com-account-get-rejected/


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mysterious DKIM failure.

2016-12-10 Thread Bill Cole 

On 9 Dec 2016, at 21:14, Steve Atkins wrote:

Looks like someone along the delivery path is expanding tabs, but it's 
hard to say more without looking at wider data.


Unless I saw something to suggest otherwise I'd assume that it's 
something to do with the delivery path rather than the recipient. I'd 
look at the smarthosts they went through (is something configured 
differently on them?) and the MXes that received them.


The messages have differing indentation on the 
X-Microsoft-Exchange-Diagnostics headers, which strongly suggests it's 
inside something at Microsoft.


FWIW, Exchange has a long history of playing silly buggers with message 
whitespace. I would expect MS to have learned to stop that by now, but, 
well, MS...


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mysterious DKIM failure.

2016-12-10 Thread Al Iverson 
I think you might have just figured out why many of us ESP people see
oddball DKIM failures at Microsoft Outlook.com/Hotmail properties.

Suggestion...modify the template to remove all the tabs or replace
them with spaces, and try again. If it passes on both, then you've
found that something in the delivery path is replacing tabs with
spaces, invalidating the DKIM signature.

Cheers,
Al

--
Al Iverson
www.aliverson.com
(312)725-0130


On Fri, Dec 9, 2016 at 9:14 PM, Steve Atkins  wrote:
>
>> On Dec 9, 2016, at 5:59 PM, Luke Martinez  wrote:
>>
>> Thanks for the insights Steve,
>>
>> Any thoughts on why the indentation would be different? As far as I know, 
>> this message was built once, and then it was sent to several different 
>> recipients. I can't guess why the results would be different when being sent 
>> to different outlook.com recipients. Also noteworthy...Subsequent test 
>> messages (different content, but same config) sent to the same addresses 
>> produced different results (attached)
>
> Looks like someone along the delivery path is expanding tabs, but it's hard 
> to say more without looking at wider data.
>
> Unless I saw something to suggest otherwise I'd assume that it's something to 
> do with the delivery path rather than the recipient. I'd look at the 
> smarthosts they went through (is something configured differently on them?) 
> and the MXes that received them.
>
> The messages have differing indentation on the 
> X-Microsoft-Exchange-Diagnostics headers, which strongly suggests it's inside 
> something at Microsoft.
>
> You could reach out to someone who's at Microsoft and ask them to take a look.
>
> Though I'd probably try injecting identical-ish messages into outlook.com's 
> dozens of MXes and see if there were any pattern first. Easy enough to 
> black-box it with swaks and a shell script.
>
> Cheers,
>   Steve
>
>>
>> On Fri, Dec 9, 2016 at 5:57 PM, Steve Atkins  wrote:
>>
>> > On Dec 9, 2016, at 3:36 PM, Luke Martinez via mailop  
>> > wrote:
>> >
>> > I've got some DKIM failures I'm having trouble figuring out. Below are two 
>> > identical messages sent to two different outlook.com recipients from the 
>> > same infrastructure. One is failing DKIM, the other isn't.
>> >
>> > This issue is semi-repeatable, with some addresses failing DKIM and others 
>> > passing seemingly at random.
>> >
>> > I was wondering if anyone could help me identify the cause of the DKIM 
>> > failure, or let me know if this is just a thing that happens on occasion. 
>> > I've attached the full messages and pasted the two headers.
>>
>> dkimpass.txt indents some lines (e.g. DECK THE HALLS) with three tabs, while 
>> dkimfail.txt indents those same lines with six spaces.
>>
>> For mail that otherwise looks like it's coming from the same template that's 
>> very suspicious.
>>
>> Cheers,
>>   Steve
>>
>>
>>
>>
>> --
>>
>> Luke Martinez
>> Team Lead | Email Delivery
>> 520.400.5693
>> 
>
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mysterious DKIM failure.

2016-12-09 Thread Steve Atkins 

> On Dec 9, 2016, at 5:59 PM, Luke Martinez  wrote:
> 
> Thanks for the insights Steve,
> 
> Any thoughts on why the indentation would be different? As far as I know, 
> this message was built once, and then it was sent to several different 
> recipients. I can't guess why the results would be different when being sent 
> to different outlook.com recipients. Also noteworthy...Subsequent test 
> messages (different content, but same config) sent to the same addresses 
> produced different results (attached) 

Looks like someone along the delivery path is expanding tabs, but it's hard to 
say more without looking at wider data. 

Unless I saw something to suggest otherwise I'd assume that it's something to 
do with the delivery path rather than the recipient. I'd look at the smarthosts 
they went through (is something configured differently on them?) and the MXes 
that received them.

The messages have differing indentation on the X-Microsoft-Exchange-Diagnostics 
headers, which strongly suggests it's inside something at Microsoft.

You could reach out to someone who's at Microsoft and ask them to take a look.

Though I'd probably try injecting identical-ish messages into outlook.com's 
dozens of MXes and see if there were any pattern first. Easy enough to 
black-box it with swaks and a shell script.

Cheers,
  Steve

> 
> On Fri, Dec 9, 2016 at 5:57 PM, Steve Atkins  wrote:
> 
> > On Dec 9, 2016, at 3:36 PM, Luke Martinez via mailop  
> > wrote:
> >
> > I've got some DKIM failures I'm having trouble figuring out. Below are two 
> > identical messages sent to two different outlook.com recipients from the 
> > same infrastructure. One is failing DKIM, the other isn't.
> >
> > This issue is semi-repeatable, with some addresses failing DKIM and others 
> > passing seemingly at random.
> >
> > I was wondering if anyone could help me identify the cause of the DKIM 
> > failure, or let me know if this is just a thing that happens on occasion. 
> > I've attached the full messages and pasted the two headers.
> 
> dkimpass.txt indents some lines (e.g. DECK THE HALLS) with three tabs, while 
> dkimfail.txt indents those same lines with six spaces.
> 
> For mail that otherwise looks like it's coming from the same template that's 
> very suspicious.
> 
> Cheers,
>   Steve
> 
> 
> 
> 
> -- 
> 
> Luke Martinez
> Team Lead | Email Delivery
> 520.400.5693
> 


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mysterious DKIM failure.

2016-12-09 Thread Luke Martinez via mailop 
Thanks for the insights Steve,

Any thoughts on why the indentation would be different? As far as I know,
this message was built *once*, and then it was sent to several different
recipients. I can't guess why the results would be different when being
sent to different outlook.com recipients. Also noteworthy...Subsequent test
messages (different content, but same config) sent to the same addresses
produced different results (attached)

On Fri, Dec 9, 2016 at 5:57 PM, Steve Atkins  wrote:

>
> > On Dec 9, 2016, at 3:36 PM, Luke Martinez via mailop 
> wrote:
> >
> > I've got some DKIM failures I'm having trouble figuring out. Below are
> two identical messages sent to two different outlook.com recipients from
> the same infrastructure. One is failing DKIM, the other isn't.
> >
> > This issue is semi-repeatable, with some addresses failing DKIM and
> others passing seemingly at random.
> >
> > I was wondering if anyone could help me identify the cause of the DKIM
> failure, or let me know if this is just a thing that happens on occasion.
> I've attached the full messages and pasted the two headers.
>
> dkimpass.txt indents some lines (e.g. DECK THE HALLS) with three tabs,
> while dkimfail.txt indents those same lines with six spaces.
>
> For mail that otherwise looks like it's coming from the same template
> that's very suspicious.
>
> Cheers,
>   Steve
>
>


-- 

Luke Martinez
Team Lead | Email Delivery
520.400.5693
Received: from BY1PR13CA0003.namprd13.prod.outlook.com (10.162.107.141) by
 MWHPR13MB1536.namprd13.prod.outlook.com (10.175.140.137) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id
 15.1.771.4 via Mailbox Transport; Fri, 9 Dec 2016 23:22:18 +
Received: from inbound.mail.protection.outlook.com (216.32.180.120) by
 BY1PR13CA0003.outlook.office365.com (10.162.107.141) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id
 15.1.789.5 via Frontend Transport; Fri, 9 Dec 2016 23:22:18 +
Received: from BN3NAM04FT006.eop-NAM04.prod.protection.outlook.com
 (10.152.92.52) by BN3NAM04HT188.eop-NAM04.prod.protection.outlook.com
 (10.152.93.73) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.761.6; Fri, 9 Dec
 2016 23:22:15 +
Authentication-Results: spf=pass (sender IP is 167.89.0.244)
 smtp.mailfrom=e.email.silpada.com; outlook.com; dkim=pass (signature was
 verified) header.d=email.silpada.com;outlook.com; dmarc=bestguesspass
 action=none header.from=email.silpada.com;
Received-SPF: Pass (protection.outlook.com: domain of e.email.silpada.com
 designates 167.89.0.244 as permitted sender) receiver=protection.outlook.com;
 client-ip=167.89.0.244; helo= o1.e.email.silpada.com;
Received: from SNT004-MC11F2.hotmail.com (10.152.92.58) by
 BN3NAM04FT006.mail.protection.outlook.com (10.152.92.96) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id
 15.1.761.6 via Frontend Transport; Fri, 9 Dec 2016 23:22:14 +
X-IncomingTopHeaderMarker: 
OriginalChecksum:1F3929AE2F421F64D0759B2072B637C65D5AF4E5513CB8339CFC5A1EBEED385F;UpperCasedChecksum:1CC256260B9A51AE7529A9CC4ADA8A78374D893F53BE50BFC6F0D101842205F2;SizeAsReceived:1631;Count:14
Received: from o1.e.email.silpada.com ([167.89.0.244]) by 
SNT004-MC11F2.hotmail.com over TLS secured channel with Microsoft 
SMTPSVC(7.5.7601.23143);
 Fri, 9 Dec 2016 15:22:13 -0800
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=email.silpada.com; 
h=content-type:from:mime-version:subject:to; s=s1; 
bh=l7Nvk3mH4ILxblffMVyzawXYOcM=; b=XgeUIoznQmsqUw48sfcsq2+FwnMNL
yJPVEhy90/bU3b+7P/gTmRkfd2Z//9X/7S5XIw+4+5ymHdeZMSbL3giRWjInkdbT
/0Jsp0kwRIgj7pp6dtDRO3Y6DO9kz12YmVcIqKmoXq1ZYOL1vlB9ninocVdUagfs
DpsI3F4lq3AaQk=
Received: by filter0974p1mdw1.sendgrid.net with SMTP id 
filter0974p1mdw1-2201-584B3CA3-2D
2016-12-09 23:22:11.650615498 + UTC
Received: from NDAyMzM2NQ (o16789125x224.outbound-mail.sendgrid.net 
[167.89.125.224])
by ismtpd0005p1iad1.sendgrid.net (SG) with HTTP id 
ByTzwSvuSdmKofzSqvl52Q
for ; Fri, 09 Dec 2016 23:22:11.581 + 
(UTC)
Content-Type: multipart/alternative; 
boundary=de75af6eb0ec36ce29f87fd5ce4e4ccb371b0db3b5bdfe7604c05473375e
Date: Fri, 9 Dec 2016 23:22:11 +
From: silp...@email.silpada.com
Subject: From SendGrid
To: matthew.que...@outlook.com
Message-ID: 
X-SG-EID: 
/4D4wegxXCO+mN92/eWzN4CqIJM27SJeUDkqWNtyz3PaCzoitt8v4Yw940wWRRfStz+ZRR+2jMRyrI
 Drv/wqO3MTwDWvMq3Tf7acVRy2gpnomAnVM5B9jXUne1tRosX++I1tqTzYvPDT/pWNzDPSdbrtvCuX
 HbFxf3wSvBLej9pvd5L645hwXeZnPIhcYlK7Cr869bjbApdWF5Nk6n8qnw==
Return-Path: bounces+4023365-dfaf-matthew.quebec=outlook@e.email.silpada.com
X-OriginalArrivalTime: 09 Dec 2016 23:22:13.0132 (UTC) 
FILETIME=[1271A4C0:01D25273]
X-IncomingHeaderCount: 14
X-MS-Exchange-Organization-Network-Message-Id: 
36f54186-de3b-406c-3357-08d4208a3616
X-EOPAttributedMessage: 0
X-EOPTe

Re: [mailop] Mysterious DKIM failure.

2016-12-09 Thread Steve Atkins 

> On Dec 9, 2016, at 3:36 PM, Luke Martinez via mailop  
> wrote:
> 
> I've got some DKIM failures I'm having trouble figuring out. Below are two 
> identical messages sent to two different outlook.com recipients from the same 
> infrastructure. One is failing DKIM, the other isn't. 
> 
> This issue is semi-repeatable, with some addresses failing DKIM and others 
> passing seemingly at random. 
> 
> I was wondering if anyone could help me identify the cause of the DKIM 
> failure, or let me know if this is just a thing that happens on occasion. 
> I've attached the full messages and pasted the two headers.  

dkimpass.txt indents some lines (e.g. DECK THE HALLS) with three tabs, while 
dkimfail.txt indents those same lines with six spaces.

For mail that otherwise looks like it's coming from the same template that's 
very suspicious.

Cheers,
  Steve


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop