Hi John,
Thanks for the reply. With some testing, I've discovered that our MTA is
changing the Content-Type header as well as changing the encoding of the
message when delivering to an external address (although not for local
recipients).. so the problem is on our end, not Google's.
Cheers,
Andrew
John R. Levine wrote, On 11-09-06 02:24 PM:
Since we're not modifying any of the signed headers, nor the body of the
message, why would Google be rejecting the message for not being
authenticated?
Before I replied to Google again, I wanted to get a better understanding
of what's going on. Am I correct in my understanding of how this should
be working? Please let me know if you need more details.
Your understanding is correct. If you're not modifying the message, the
signature should be OK.
The three obvious possibilities is that Facebook's signatures are
broken, that something on your system is making changes that it
shouldn't, or that something at Google is broken. My guess would be the
third (overeager anti-phish filters.)
Can you snag copies of some of the mail as it's forwarded, so you can
check the signatures on the mail as you received it?
Regards,
John Levine, johnl(_at_)iecc(_dot_)com, Primary Perpetrator of "The Internet
for
Dummies",
Please consider the environment before reading this e-mail. http://jl.ly
_______________________________________________
dkim-ops mailing list
dkim-ops(_at_)mipassoc(_dot_)org
http://mipassoc.org/mailman/listinfo/dkim-ops