Thanks for the analysis, Ken!
My current theory is that my email address is now strongly
associated with spam, or at least suspicious email, and so any
email I send there has a high base score.
I send a lot of email to @stanford.edu people, and I've seen
quite a bit of it tagged. Since it looked like it was still
reaching people, I didn't get on top of it from the beginning.
But maybe a lot of the recipients (most? all?) didn't train
Proofpoint to stop tagging my messages, and so Proofpoint came to
believe more and more strongly that they were spam. And perhaps
my email address's "base spam score" finally reached a tipping
point recently?
In any case, I agree that this has nothing to do with NMH -- and
never *really* did -- and that I need to get my @stanford.edu
correspondents help me out (by poking Stanford IT).
Thanks a lot for your help, especially in setting up the config
on my laptop so that it sends email out properly!
Bob
On Tue, 03 Mar 2015 21:02:19 -0500 Ken Hornstein <kenh(_at_)pobox(_dot_)com>
sez:
My current guess is that is causing the DKIM check failure (also, I am
pretty sure that the rewritten email address is invalid). And this
happens with the sending from the GMail web interface, right? If that's
the case I believe the problem is at Stanford. I'll wait until I see
your headers, but if that's the case then maybe your best bet is to
complain to the people at Stanford (or get your Stanford contacts to
complain to them).
So, I took at the original message Bob was kind enough to send me, and
with a close reading of RFC 6376 here's what I found:
- Certain headers (and the body!) of the message are being mangled.
Specifically, the Message-ID, From, Originator, To, Cc, Reply-to,
In-Reply-To, and References header are being mangled. The mangling
is of the form:
Mister Foo Bar <foo(_at_)bar(_dot_)com>
turns into:
Mister Foo Bar <foo(_at_)bar(_dot_)com <foo(_at_)bar(_dot_)com>>
And you get things like:
<random-message-id-string(_at_)gmail(_dot_)com>
turning into:
<random-message-id-string(_at_)gmail(_dot_)com
<random-message-id-string(_at_)gmail(_dot_)com>>
And like I said, this happens in the body as well.
Stuff that looks like a domain name in other headers gets turned into
a URL, e.g.:
DKIM-Signature: [...] d=gmail.com; [...]
turns into:
DKIM-Signature: [...] d=gmail.com <http://gmail.com>; [...]
- The current message body, as given to me, does not pass the DKIM signature
after it's been canonicalized. However, if you unmangle it then then
DOES pass the DKIM body signature (as specified in the "bh" parameter
of the DKIM-Signature header). In this case the body had an email address
in it and the mangling screwed up the signature.
- I tried verifying the DKIM signature of the headers after fixing them up,
but I couldn't. This is kind of complicated and easy to get wrong, so
I decided I didn't want to bother; I am sure that the mangling done here
was causing the DKIM signature to fail.
I have a hard time believing that Google is mangling email in such a way,
but then again I would have had a hard time believing that Stanford would
be mangling email in such a way. Since the DKIM hash of the body is
correct if it's unmangled, I am pretty sure the problem is at Stanford's
end. Why this is happening, I have no idea. I think you'll have to pursue
this with Stanford (or get one of your correspondents to do that).
--Ken
_______________________________________________
Nmh-workers mailing list
Nmh-workers(_at_)nongnu(_dot_)org
https://lists.nongnu.org/mailman/listinfo/nmh-workers
_______________________________________________
Nmh-workers mailing list
Nmh-workers(_at_)nongnu(_dot_)org
https://lists.nongnu.org/mailman/listinfo/nmh-workers