dkim-ops
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [dkim-ops] Google rejecting forwarded facebook mails based on DKIM

2011-09-06 15:34:45
from [SM] [Permanent Link] 
Hi Andrew,
At 09:57 06-09-2011, Andrew Culver wrote:

Many people, including myself, have been receiving the following reject
message from Google when a message from @facebookmail.com is sent to a
user here at @uwo.ca who is forwarding their mail to @alumni.uwo.ca,
which is a Google-hosted domain:

550 5.7.1 Unauthenticated email is not accepted from this domain.
u45si20503609yhu.120

We have opened a corporate support ticket with Google and got the
following answer:


[snip]


Their reply was:


Thanks for providing additional details. We accept only DKIM
authenticated emails from facebook. Somehow it looks like when your
mail server forwards the message to us some portion of the header is
getting modified. The recipient address changes and there might be
few other sections of the original header that get modified. I did
little more investigation and noticed that we are able to receive
emails from facebook as long as it is properly authenticated.


The reply mentions that there might be other sections of the original 
header fields that got modified.  That would invalidate the DKIM signature.


Again, I'm confused, but I'm not too familiar with DKIM. Of course we're
modifying the recipient address since we're forwarding the message. But
we only modify the envelope mail from and rcpt to addresses, not the
 From or To headers.


See above.


Since we're not modifying any of the signed headers, nor the body of the
message, why would Google be rejecting the message for not being
authenticated?


Based on the reply you forwarded, it looks like the message is being 
rejected because the DKIM signed message from facebook failed to verify.


Before I replied to Google again, I wanted to get a better understanding
of what's going on. Am I correct in my understanding of how this should
be working? Please let me know if you need more details.


You'll need a capture of the message as seen by Google to find out 
what is going on.

Regards,
-sm 

_______________________________________________
dkim-ops mailing list
dkim-ops(_at_)mipassoc(_dot_)org
http://mipassoc.org/mailman/listinfo/dkim-ops
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [dkim-ops] Google rejecting forwarded facebook mails based on DKIM, Andrew Culver
Previous by Thread:  Re: [dkim-ops] Google rejecting forwarded facebook mails based on DKIM, Andrew Culver
Indexes:  [Date] [Thread] [Top] [All Lists]