DKIM Fail

doberman
Posts: 6
Joined: Fri Oct 20, 2017 1:12 pm
Location: Florida, USA

DKIM Fail

Postby doberman » Sat Nov 11, 2017 1:10 pm

I have a filter setup to catch DKIM Fail and then pass those emails to quarantine for further review. Many times when I test these DKIM failures at other sites, dkimcore.org, dmarcanalyzer.com and dmarican.com, the DKIMs pass. How is MailEnable processing different form other leading sites?

Here is an example of a failed DKIM by MailEnable.

Code: Select all

Received-SPF: pass (mydomain.com: domain of welcome.aexp.com designates 148.173.91.83 as permitted sender)
   client-ip=148.173.91.83
Received: from ([127.0.0.1]) with MailEnable ESMTPS; Sat, 11 Nov 2017 07:04:11 -0500
DKIM-Signature: v=1; a=rsa-sha256; d=welcome.aexp.com; s=prod-selector; c=relaxed/relaxed;
   q=dns/txt; i=@welcome.aexp.com; t=1510387448;
   h=From:Reply-To:Subject:Date:Message-ID:To:MIME-Version:Content-Type;
   bh=IhAKKK1ho2yEHfHlNxPe3SijRNz+4o4rhvMkx3W2r60=;
   b=VjOPX2gyEEsQICGhz5Tp0bqO4FmA1Ko/H99dHtW1WxwqgABhi5FA5UnOEKprsFGn
   MXLYsRk6RqNw7C0EMzhkyo6VKMiZCL6OdkjtqqZeRmPRtCWb4fcHLJV+5p8x3hdW
   dgli7i6DPXR4GcoC/oNTB6acJcXdxEmAd1SfK0AeoM0=;
X-MSFBL: amVnbGlAYXBwbHluZXR3b3Jrcy5jb21AdHJhbnNhY3Rpb25hbF80WDQ4QHRyYW5z
   YWN0aW9uYWxAJXZjdHhfbWVzc3thbWV4X01lc3NhZ2VJRH0=
Date: Sat, 11 Nov 2017 01:04:08 -0700
From: "American Express" <AmericanExpress@welcome.aexp.com>
Reply-To: "" <DoNotReplyUS@service.americanexpress.com>
To: <email@mydomain.com>
MIME-Version: 1.0
Subject: =?UTF-8?B?WW91ciBOb3ZlbWJlciAyMDE3IFN0YXRlbWVudCBpcyBSZWFkeQ==?=
Message-ID: <HEALTUSE20171109100923035247TI.AGNEUBBK0001001.MYCA@welcome.aexp.com>
Content-Type: multipart/alternative;
  boundary="oIS98GC92aEsha2g4Cr4Rv7NQdFXzY2XU0W6WA=="
X-ME-CountryOrigin: US
X-ME-Bayesian: 0.000000
X-ME-DKIM: FAIL


DKIMpass.png
DKIMpass.png (45.67 KiB) Viewed 389 times



Thanks!

Brett Rowbotham
Posts: 498
Joined: Mon Nov 03, 2003 7:48 am
Location: Cape Town

Re: DKIM Fail

Postby Brett Rowbotham » Mon Nov 13, 2017 5:48 am

It looks as if you are checking that there is a valid DKIM key rather than checking the email itself.

Use the checker at https://9vx.org/~dho/dkim_validate.php and paste the entire raw contents of the email to check whether DKIM is passing or failing.

Cheers,
Brett

doberman
Posts: 6
Joined: Fri Oct 20, 2017 1:12 pm
Location: Florida, USA

Re: DKIM Fail

Postby doberman » Mon Nov 13, 2017 11:26 am

I ran the email through the site that Brett recommended (thanks!) and the results were:
Results: fail
signature identity: @welcome.aexp.com
verify result: fail (body has been altered)

What are the different validation processes that occur when checking the DKIM key vs checking the email itself? I mean, why does the DKIM key validate (including SPF and DMARC), but the email as a whole fails? I've tried to locate information on this, but could not.

Thank you.

doberman
Posts: 6
Joined: Fri Oct 20, 2017 1:12 pm
Location: Florida, USA

Re: DKIM Fail

Postby doberman » Sat Nov 18, 2017 11:29 am

I continue to get more DKIM Fail messages when the actual key is valid. Could someone explain how MailEnable evaluates emails with DKIM signatures? I've looked in the documentation and it seemed that if the DKIM signature passed, then everything was okay.

Latest DKIM Fails from:
  • mailenable.com (when signing up for subscription)
  • chase.com
  • americanexpress.com
  • lafitness.com

I don't mean to be a pain, but I'm just trying to understand this process. Thanks! :)

MartynK
Posts: 1322
Joined: Sat Dec 28, 2002 1:12 am
Location: Hong Kong

Re: DKIM Fail

Postby MartynK » Mon Feb 12, 2018 1:48 am

Did anyone get to the bottom of this, I am having the same problem and well known domains are failing ?

Who is online

Users browsing this forum: No registered users and 1 guest