[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Nmh-workers] Emails being tagged as spam -- NMH solution???

From: Ken Hornstein
Subject: Re: [Nmh-workers] Emails being tagged as spam -- NMH solution???
Date: Tue, 03 Mar 2015 21:02:19 -0500

>My current guess is that is causing the DKIM check failure (also, I am
>pretty sure that the rewritten email address is invalid).  And this
>happens with the sending from the GMail web interface, right?  If that's
>the case I believe the problem is at Stanford.  I'll wait until I see
>your headers, but if that's the case then maybe your best bet is to
>complain to the people at Stanford (or get your Stanford contacts to
>complain to them).

So, I took at the original message Bob was kind enough to send me, and
with a close reading of RFC 6376 here's what I found:

- Certain headers (and the body!) of the message are being mangled.
  Specifically, the Message-ID, From, Originator, To, Cc, Reply-to,
  In-Reply-To, and References header are being mangled.  The mangling
  is of the form:

  Mister Foo Bar <address@hidden>

  turns into:

  Mister Foo Bar <address@hidden <address@hidden>>

  And you get things like:


  turning into:

  <address@hidden <address@hidden>>

  And like I said, this happens in the body as well.

  Stuff that looks like a domain name in other headers gets turned into
  a URL, e.g.:

  DKIM-Signature: [...] d=gmail.com; [...]

  turns into:

  DKIM-Signature: [...] d=gmail.com <http://gmail.com>; [...]

- The current message body, as given to me, does not pass the DKIM signature
  after it's been canonicalized.  However, if you unmangle it then then
  DOES pass the DKIM body signature (as specified in the "bh" parameter
  of the DKIM-Signature header).  In this case the body had an email address
  in it and the mangling screwed up the signature.

- I tried verifying the DKIM signature of the headers after fixing them up,
  but I couldn't.  This is kind of complicated and easy to get wrong, so
  I decided I didn't want to bother; I am sure that the mangling done here
  was causing the DKIM signature to fail.

I have a hard time believing that Google is mangling email in such a way,
but then again I would have had a hard time believing that Stanford would
be mangling email in such a way.  Since the DKIM hash of the body is
correct if it's unmangled, I am pretty sure the problem is at Stanford's
end.  Why this is happening, I have no idea.  I think you'll have to pursue
this with Stanford (or get one of your correspondents to do that).


reply via email to

[Prev in Thread] Current Thread [Next in Thread]