On a slightly related subject... This DKIM failure surprised me, but at least I verified that many NANOG subscribers have mailservers returning DMARC failure reports ;-) Bjørn Mork <bjorn@mork.no> writes:
Authentication-Results: mx.google.com; dkim=fail header.i=@mork.no header.s=b header.b=NB0BT8Ez; spf=pass (google.com: best guess record for domain of bjorn@miraculix.mork.no designates 2001:41c8:51:8a:feff:ff:fe00:e5 as permitted sender) smtp.mailfrom=bjorn@miraculix.mork.no; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=mork.no Received: from canardo.dyn.mork.no ([IPv6:2a01:799:c9f:8600:0:0:0:1]) (authenticated bits=0) by louie.mork.no (8.15.2/8.15.2) with ESMTPSA id 233IGnGC342047 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=OK); Sun, 3 Apr 2022 19:16:50 +0100 Received: from miraculix.mork.no ([IPv6:2a01:799:c9f:8602:8cd5:a7b0:d07:d516]) (authenticated bits=0) by canardo.dyn.mork.no (8.15.2/8.15.2) with ESMTPSA id 233IGnKb1147676 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=OK); Sun, 3 Apr 2022 20:16:49 +0200 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mork.no; s=b; t=1649009809; bh=ZByFGHIiZPQYmJjQnCv16CXFZhKG8U3fTayR+Mx3piY=; h=From:To:Cc:Subject:References:Date:Message-ID:From; b=NB0BT8EzJBl2E3jzDaz7QY4C/utMGKFF+HCs8qjQFoHA4JHTD21ZkTk34jp2VOiJ0 pYWHUNXCNaEBK44Hr4U96h5pfXor+dqo0cSuRPTLNnRsoLAQg2kqmQkvylagdeezZc 4p+jQEQv5La2KbjzEIvW6iSGwwe4ltT9hu7h0H8U= Received: (nullmailer pid 389787 invoked by uid 1000); Sun, 03 Apr 2022 18:16:48 -0000 From: =?utf-8?Q?Bj=C3=B8rn_Mork?= <bjorn@mork.no> To: Randy Bush <randy@psg.com> Cc: John Levine <johnl@iecc.com>, "North American Network Operators' Group" <nanog@nanog.org> Subject: Re: Gmail (thus Nanog) rejecting ipv6 email Organization: m References: <875ynqcvsl.fsf@miraculix.mork.no> <20220403164123.4CE413A4B99C@ary.qy> <m28rsmjbu9.wl-randy@psg.com> Date: Sun, 03 Apr 2022 20:16:48 +0200 In-Reply-To: <m28rsmjbu9.wl-randy@psg.com> (Randy Bush's message of "Sun, 03 Apr 2022 10:50:06 -0700") Message-ID: <87v8vqav73.fsf@miraculix.mork.no>
Did a little testing, and it looks like opendkim create a bogus signature if a quoted-string diplay name in a To or Cc headers contains an apostrophe. Not good at all. Bjørn