FreeBSD
Ivan, 2017-05-04 12:29:13

Why doesn't DMARC work?

Hello.
I have a 1C server that sends various emails to clients. To make everything neat, I routed the sending through my mail server. But for some reason the digital signature breaks. I have already checked everything, turned on relaxed, and tried signing only, for example, From, with the same garbage result. Google writes - DKIM: FAIL, null domain
mail ru writes - dkim=fail reason=signature_incorrect header.d=my-domain.ru
Mail gets through and SPF works, but I really don't have any guesses. Apparently there is something wrong with the title or with the domain, but I can't figure out exactly where.


3 answer(s)
Vladimir Dubrovin, 2017-05-06
@z3apa3a

There are several probable reasons, all of them related to standards violations when sending:
1. 1C does not generate one of the required headers, usually Date: or Message-ID:. The email is signed with DKIM, after which the mail server adds the mandatory header to comply with the standard and the DKIM signature is broken.
2. 1C generates emails with a long line (usually over 998 octets). The email is signed, after which the mail server normalizes it to comply with the standard and the DKIM signature breaks.
3. 1C generates emails with unencoded 8-bit characters in the headers or other violations of the standard, for example, an incorrect From: header. The behavior of DKIM on such emails is unpredictable.
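
A pre-signing check for the three causes listed in the answer above, as an added example that is not part of the original thread. The function name `presign_findings`, the `example.test` addresses and both sample messages are constructed for illustration; the idea is to run it on the raw message the application hands to the mail server, before the DKIM signer sees it.

```python
import re
from email.header import Header

MAX_LINE_OCTETS = 998                        # line length limit cited in the answer
EXPECTED_HEADERS = (b"date", b"message-id")  # headers the answer names

def presign_findings(raw: bytes) -> list[str]:
    """List properties of a message that a relay may 'repair' after signing."""
    findings = []
    msg = raw.replace(b"\r\n", b"\n")            # tolerate CRLF or bare LF input
    head, _, _body = msg.partition(b"\n\n")      # headers end at first empty line
    unfolded = re.sub(rb"\n[ \t]+", b" ", head)  # join folded continuation lines
    seen = set()
    for line in unfolded.split(b"\n"):
        name, sep, value = line.partition(b":")
        if not sep:
            findings.append("malformed header line")
            continue
        seen.add(name.strip().lower())
        if any(octet > 0x7F for octet in value):  # unencoded 8-bit text
            findings.append("raw 8-bit bytes in " + name.decode("ascii", "replace"))
    for wanted in EXPECTED_HEADERS:
        if wanted not in seen:
            findings.append("missing " + wanted.decode() + " header")
    for number, line in enumerate(msg.split(b"\n"), 1):
        if len(line) > MAX_LINE_OCTETS:
            findings.append(f"line {number} is {len(line)} octets")
    return findings

# Constructed sample messages (not taken from the thread).
SAMPLE_BAD = (b"From: shop@example.test\r\n"
              b"Subject: " + "Отписаться".encode("utf-8") + b"\r\n"
              b"\r\n" + b"A" * 1200 + b"\r\n")
# Same subject as an RFC 2047 encoded-word, plus the headers missing above.
SAMPLE_GOOD = (b"From: shop@example.test\r\n"
               b"Date: Thu, 04 May 2017 12:29:13 +0300\r\n"
               b"Message-ID: <constructed-1@example.test>\r\n"
               b"Subject: " + Header("Отписаться", "utf-8").encode().encode("ascii")
               + b"\r\n\r\nShort body\r\n")

if __name__ == "__main__":
    for label, sample in (("bad", SAMPLE_BAD), ("good", SAMPLE_GOOD)):
        print(label, presign_findings(sample))
```

An empty result means none of the three conditions was found; it does not rule out other reasons for a failing signature, such as a mismatched key or selector.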

CityCat4, 2017-05-04
@CityCat4

SPF and DKIM records can be checked here

uraks, 2019-08-22
@uraks

Vladimir's advice helped a lot. I had Cyrillic in the subject line of the unsubscribe link; I fixed it and DKIM worked.
