I've deployed DKIM, using Opendkim, in an SPF+DKIM+DMARC setup.
Works verifiably well outbound, and inbound in most cases.
Except for from some (big & legitimate) mailing lists. Mail from them is
getting flagged as
dkim=fail reason="signature verification failed"
but inconsistently. Trying to debug, dkim logs say PASS, but headers says FAIL.
message headers say dkim = fail, stats say = PASSED. why the conflict, and how
to fix?
http://serverfault.com/questions/788017/message-headers-say-dkim-fail-stats-say-passed-why-the-conflict-and-how-t
I'm aware of
DomainKeys Identified Mail (DKIM) and Mailing Lists
https://tools.ietf.org/html/rfc6377
having been pointed there several times "for answers". Let's just say it
hasn't done the trick for us here.
I've asked about this on serverfault, on the opendkim mailing list, in irc, and
via direct mail to the authors. I have yet to get any answer as to why this
problem's occurring, and how best to configure DKIM (if it's a config issue to
begin with) so as to avoid the problem.
I'm in 'here' because I'm running out of places to ask.
I'd appreciate any pointers on how to fix this, or better yet, where to have an
actual fruitful discussion.
Thanks,
Jason
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html