How can I verify inbound message DKIM validation failures


OVERVIEW

DKIM is a mechanism whereby the originator of the message will include a validation record that protects fields of the message from being modified/tampered with.

MailEnable has the ability to sign any outbound messages as well as verify the integrity of messages received from external servers.

If a message fails DKIM verification, then the message body or some of its significant headers have been modified.

This article explains how to validate DKIM failures and gain more insight as to why a message has failed validation.

DETAIL

MailEnable performs DKIM verification after a message has been received by the SMTP connector.

Before DKIM validation, MailEnable may add some additional headers to the inbound message. For example, MailEnable may add the X-Envelope-Sender field. The addition of fields typically will not invalidate the DKIM integrity (DKIM is used to protect headers from modification - not the addition of headers).

If a message fails DKIM, an online DKIM verification utility can be used to determine why it failed validation.

An example utility is here: http://www.appmaildev.com/en/dkimfile

A message is likely to fail DKIM validation if the message body or important message header fields have been modified (typically the message Subject, Date, From or To fields).

Note: To validate the message, you should ensure that you use a version of the message that represents its original form. ie: You should revert any headers or modifications made to the message by filter actions. Specifically, some filter actions could pre-pend text to the subject of the message, which will typically cause subsequent DKIM validations to fail.

ONGOING DIAGNOSIS

If you wish to capture messages for ongoing DKIM validation analysis, you can enable the archiving feature of the MailEnable MTA service. The archiving feature will capture messages before they have been modified by any filter actions. This feature can be found within the MailEnable Management Console under Servers/localhost/Services and Connectors/MTA properties.

MORE INFORMATION

See: http://www.mailenable.com/documentation/9.0/professional/webframe.html#filter_criteria.html

DKIM Base Specification: http://dkim.org/specs/rfc4871-dkimbase.html

 

 



Product:MailEnable
Article:ME020680
Module:General
Keywords:
Class:BUG: Product Defect/Bug
Revised:Sunday, February 11, 2018
Author:
Publisher:MailEnable