In our testing at Cisco, we are seeing a small but significant number
of failure mainly due to various system bots that send naked CR's in
a message.
Yeah, there are a lot of badly written MUAs.
What I have found is that at the very least, sendmail and Ironport
handle these two cases differently.
Right. Different MTAs do different, fairly random things to mail that
isn't 2822 compliant. (They do random things to mail that is
compliant, but their mutations to non-compliant mail are more
extreme.) Trying to guess what's going to happen and to try to
program around it is a guaranteed exercise in frustration.
My strong suggestion is to say that if you want your DKIM signatures
to interoperate, you should only sign compliant mail. If someone or
something injects a non-compliant message to your MTA, fix it before
signing it. It's hard for me to envision a situation where this isn't
the right thing to do.
This is what my qmail setup does now -- locally injected mail has
formatting errors corrected and missing headers added before it's
passed along, while incoming MX mail is just passed through except if
it has bare linefeeds in which case it's rejected.
There are a whole lot of ways to construct a not-quite-2822 message
other than bare carriage returns, and I see no reason to try to revisit
this well-trodden territory.
R's,
John
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html