Re: About verify signature with return-path

From: SM <sm_at_resistor.net>
Date: Fri, 29 Aug 2014 10:13:12 -0700

Hello,
At 02:34 29-08-2014, Kirill Bychkov wrote:
>The service mailchimp may sending email from any "mailfrom", for
>example, <mailto:from%3Aexample_at_example.com>from:example_at_example.com
>to gmail, with these headers:
>From: <mailto:example_at_example.com>example_at_example.com
>Return-Path: <....._at_<http://mail177.us4.mcsv.net>mail177.us4.mcsv.net>
>DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=k1;
>d=<http://mail177.us4.mcsv.net>mail177.us4.mcsv.net;
>
>h=Subject:From:Reply-To:To:Date:Message-ID:List-Unsubscribe:Sender:Content-Type:MIME-Version;
>i=example=<mailto:example_at_mail177.us4.mcsv.net>example_at_mail177.us4.mcsv.net;
> bh=KwQ+Vxan7NSvbxpH/43sfyJQnt8=;
>
>b=L07XgMn+pDciyFYqqiPPn3hbvHxCw2nIG7jZSAIJDBSEbz2ZHTLoyKJ+vtnzw4DU2xB0uUNB4gQ8
>
>d+ODFM4U0zQG681MEhU+gd9S4xeYdrlAD5vKh/5xjCIpJGIjIKo2cLnoSNdSXShylXN97MO56JPv
> WtNICLzXK/ArI97+ckc=
>
>Domain "from" and domain in singature are different, but gmail dkim
>verifier pass this signature.

The domain in the "From:" header does not have to match the one in
"DKIM-Signature:" for verification to be successful.

Regards,
-sm
Received on Fri Aug 29 2014 - 17:20:58 PST

This archive was generated by hypermail 2.3.0 : Fri Aug 29 2014 - 17:27:01 PST