On Thursday, January 10, 2019 10:34:19 AM Ken wrote:
> I'm currently running OpenDKIM 2.10.3
>
> I'm seeing instances (thousands per day) where verification's fail with:
>
> [sample start]
> failed to parse Authentication-Results: header field
>
> key retrieval failed (s=selector1-Q2e-onmicrosoft-com,
> d=Q2e.onmicrosoft.com):
> 'selector1-Q2e-onmicrosoft-com._domainkey.Q2e.onmicrosoft.com' query failed
> [sample end]
>
> This is occurring with legitimate sources.
> Banks, Stores, Technology companies, and seems to be limited to any domain
> using what appears to be Outlook/Office 365
>
> If it were one off (one domain out of thousands) I could easily chalk it up
> to bad sender configuration. But it's not, it's thousands of emails from
> hundreds of (valid) senders a day
>
> Any insight would be appreciated
>
> Thank you
Last time I looked (I don't get much email from O365 users), Microsoft's auth
header fields were non-standard in non-trivial ways. The major point is that
authserv-ID was missing, which is a required element. Any AR field without it
should be discarded without processing, so as long as the DKIM signatures are
still verified, this may just be annoyingly verbose logging.
Scott K
Received on Fri Jan 11 2019 - 05:52:57 PST
This archive was generated by hypermail 2.3.0
: Fri Jan 11 2019 - 06:00:00 PST