Re: T_DKIM_INVALID from yahoo.com
On 29-12-16 19:40, Marc Stürmer wrote: > Zitat von Tom Hendrikx : > >> Did you file a ticket with them? I'm curious as to what they are saying >> about it. > > Actually I got this info by their phone support, and the info was back > then it's not supported and unlikely will be supported very soon. > > Just like DNSSEC, they also don't offer it and say don't count on it > that it will happen soon. Sounds like you should vote with your wallet. If they're not supporting current accepted internet standards or actively working on their support for (i.e. have some kind of timeline), there are plenty of other parties in Germany that offer equal hosting plans, but with decent features. Be sure to tell them why you're leaving them. ;-) Kind regards, Tom signature.asc Description: OpenPGP digital signature
Re: T_DKIM_INVALID from yahoo.com
On Thu, 29 Dec 2016 11:35:13 +0100 Marc Stürmer wrote: > Zitat von RW : > > > Are there really resolvers that can't handle it? My understanding is > > that the relevant limit here is on the length of a string, 255 > > bytes. Yahoo have broken their DKIM TXT record into multiple short > > strings to keep within the limit. > > There are still enough resolvers around which cannot handle 2048bit > DKIM keys. Sad, but true. > > For example the well known registrar Hetzner from Germany cannot > handle more than 1024 bit on their DNS software - tried it myself. That's not an example of a resolver. I can see that there might be DNS services that wont allow setting a long TXT record, but once it's set, I don't see why it would be a problem looking it up.
Re: T_DKIM_INVALID from yahoo.com
Zitat von Tom Hendrikx : Did you file a ticket with them? I'm curious as to what they are saying about it. Actually I got this info by their phone support, and the info was back then it's not supported and unlikely will be supported very soon. Just like DNSSEC, they also don't offer it and say don't count on it that it will happen soon.
Re: T_DKIM_INVALID from yahoo.com
On 29-12-16 11:35, Marc Stürmer wrote: > Zitat von RW : > >> Are there really resolvers that can't handle it? My understanding is >> that the relevant limit here is on the length of a string, 255 bytes. >> Yahoo have broken their DKIM TXT record into multiple short strings to >> keep within the limit. > > There are still enough resolvers around which cannot handle 2048bit DKIM > keys. Sad, but true. > > For example the well known registrar Hetzner from Germany cannot handle > more than 1024 bit on their DNS software - tried it myself. > Did you file a ticket with them? I'm curious as to what they are saying about it. Kind regards, Tom
Re: T_DKIM_INVALID from yahoo.com
Zitat von RW : Are there really resolvers that can't handle it? My understanding is that the relevant limit here is on the length of a string, 255 bytes. Yahoo have broken their DKIM TXT record into multiple short strings to keep within the limit. There are still enough resolvers around which cannot handle 2048bit DKIM keys. Sad, but true. For example the well known registrar Hetzner from Germany cannot handle more than 1024 bit on their DNS software - tried it myself.
Re: T_DKIM_INVALID from yahoo.com
On Mon, 26 Dec 2016 12:07:56 +0100 Marc Stürmer wrote: > Zitat von Groach : > > > DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.net; > > s=s2048; t=1482596721; > > DKIM entries do live in DNS space. Not every DNS server software > (and resolver) around is able to handle 2048 bit sized keys, which > are 512 bytes. Are there really resolvers that can't handle it? My understanding is that the relevant limit here is on the length of a string, 255 bytes. Yahoo have broken their DKIM TXT record into multiple short strings to keep within the limit.
Re: T_DKIM_INVALID from yahoo.com
Zitat von Groach : DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.net; s=s2048; t=1482596721; DKIM entries do live in DNS space. Not every DNS server software (and resolver) around is able to handle 2048 bit sized keys, which are 512 bytes. If you want to be on the safe side somebody should only use 1024 bit sized keys, which is also the official recommendation. It seems Yahoo doesn't care about this.
Re: T_DKIM_INVALID from yahoo.com
On 2016-12-24 19:50, Michael Orlitzky wrote: > > All mail I get from yahoo customers [1] scores on T_DKIM_INVALID, > > and always has. Why? > > Is there any correlation between the DKIM result and the size of the > message? Hmm. I got a few more messages from those domains and they seem to be passing now. I suspect this is related to changes in my setup that I made in response to the quagmire I mention below the fold; i.e. earlier, I was getting some messages (not necessarily 8 bit or distinct in any way other than phase of moon at delivery time) which were modified invisibly in transit by a gateway MTA. So, I'm putting this on hold for now. -- Please *no* private Cc: on mailing lists and newsgroups Personal signed mail: please _encrypt_ and sign Don't clear-text sign: http://cr.yp.to/smtp/8bitmime.html
Re: T_DKIM_INVALID from yahoo.com
On 12/24/2016 11:05 AM, Ian Zimmerman wrote: > All mail I get from yahoo customers [1] scores on T_DKIM_INVALID, and > always has. Why? > Is there any correlation between the DKIM result and the size of the message?
Re: T_DKIM_INVALID from yahoo.com
On 2016-12-24 16:32, Groach wrote: > I have just done a test and do not get the same results as you. My > yahoo incoming emails pass ok: And yours passed for me, too. So it's only a subset of yahoo senders, apparently :-( > This might explain it: > http://spamassassin.1065346.n5.nabble.com/ > I-m-getting-T-DKIM-INVALID-from-gmail-td109464.html Clearly not, since some pass (and _all_ legit mail passes from gmail, earthlink, aol, and so on). -- Please *no* private Cc: on mailing lists and newsgroups Personal signed mail: please _encrypt_ and sign Don't clear-text sign: http://cr.yp.to/smtp/8bitmime.html
Re: T_DKIM_INVALID from yahoo.com
I have just done a test and do not get the same results as you. My yahoo incoming emails pass ok: Return-Path: stopspammin...@yahoo.net X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on mailserver X-Spam-Level: * X-Spam-Status: No, score=1.1 required=3.0 tests=BAYES_50,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,HTML_MESSAGE,MIME_HTML_MOSTLY, RCVD_IN_DNSWL_NONE,RCVD_IN_HOSTKARMA_YE,RCVD_IN_MSPIKE_H2,TVD_SPACE_RATIO shortcircuit=no autolearn=ham autolearn_force=no version=3.4.0 X-Spam-Report: * 0.0 RCVD_IN_HOSTKARMA_YE RBL: HostKarma: relay in yellow list (varies) * [212.82.97.159 listed in hostkarma.junkemailfilter.net] * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider * (groachmail-stopspammingme[at]yahoo.net) * -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) * [212.82.97.159 listed in wl.mailspike.co] * -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no * trust * [212.82.97.159 listed in list.dnswl.org] * 0.4 MIME_HTML_MOSTLY BODY: Multipart message mostly text/html MIME * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60% * [score: 0.4608] * -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's * domain * -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily * valid * 0.0 TVD_SPACE_RATIO No description available. * Received: from nm38-vm9.bullet.mail.ir2.yahoo.net (nm38-vm9.bullet.mail.ir2.yahoo.net [212.82.97.159]) by mydomain.net with ESMTP ; Sat, 24 Dec 2016 16:25:16 + DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.net; s=s2048; t=1482596721; bh=ATY/rpmzVtt0ixEE+qh8r6sPMhEpXyjNG2QGr7N0zAY=; h=To:From:Subject:Date:From:Subject; b=Wt2qUdnnO1CE7zTLuVlVvOdNKn6mIhHd+P+mbrstu2RW0VTlAa2mUDoDDRn65t/a1V/zytTWzT9xmT+xe0TY3xx0blesGJtUuz5F/CwEJD4Jj2w9kcqGXs21ys77kLUmW1GmIEU0623eRUk/vvNF0FrnjQ9NLL/vc/ykDEMkJOy5ePscDRVlhmkYtvNIeX7dzWK4oBGbopKnDSZxrKKW/5qFud+OHQmGL3l0ebJ4JYZqzyM+7260GbpOnPsmr6/PovZksZx7ni7Qmfyqm95Eh6R7E1k2uMKg7zxgla0UDV/vhCsvICsd/bk0NBogn4Sedw8zsx2VWyiYZkuUDVOSRA== Received: from [212.82.98.56] by nm38.bullet.mail.ir2.yahoo.net with NNFMP; 24 Dec 2016 16:25:21 - This might explain it: http://spamassassin.1065346.n5.nabble.com/I-m-getting-T-DKIM-INVALID-from-gmail-td109464.html (And you are not the first: https://www.google.co.uk/search?q=T_DKIM_INVALID) On 24/12/2016 16:05, Ian Zimmerman wrote: All mail I get from yahoo customers [1] scores on T_DKIM_INVALID, and always has. Why? Maybe I can prepare a spample, but it will take some work to find a privacy friendly specimen, since it obviously can't be altered. [1] same for hotmail, while other big domains get DKIM_VALID.
