Hotmail/Outlook.com DKIM failure when signing with different domain - header.d ignored
We (sender.org) provide a mail server for a client (example.org) and sign outgoing messages with our private DKIM key (we cannot change the signing domain to the client's domain).
Return-Path: [email protected]
From: [email protected]
The DKIM signature looks like this:
DKIM-Signature: v=1; a=rsa-sha1; q=dns/txt; c=relaxed/relaxed; t=1413987605;
s=default; d=sender.org;
h=Reply-To:List-Unsubscribe:List-Id:From:To:Message-Id:Subject:Date:MIME-Version;
bh=ISuMd/He7ct2h8gGuqNPS6u0Knk=;
b=nLx/atDvwyl28uB6MSXRUoQO2tH0Dr46wn+IPnxioKMGBHlKFAeEArz0VZyvXIIG
wM35CG8QspFTsRxvbV3Wfqx1+cR+6RIK1ecILXxCegNd3SCcaMao3fJ5IYAbL4yLiHy
lbDvXPCSLmJ2uYsNG2ZeIkWDLLOG+WUjyzdtEPD8=
Gmail, Yahoo and others validate the DKIM signature correctly. However, in Microsoft mail services such as Outlook.com or hotmail.com the DKIM validation fails:
Authentication-Results: hotmail.com; spf=pass (sender IP is 123.456.78.90)
[email protected]; dkim=none header.d=example.org;
x-hmca=none [email protected]
The message says dkim=none even though the DKIM signature is in the header of the email. More importantly, the header.d is wrongly set to example.org whereas it should be sender.org - the domain that is signing.
We have tried to add [email protected] to the DKIM signature and changed the order of the header fields - nothing helped.
Are we missing something?
Is this a bug in hotmail/Outlook.com?
Is there any solution or other indications on how to solve this?
It is not a bug. It's a requirement from Microsoft.
Your emails must have an Author Domain Signature. In other words, the domain name of the DKIM signing entity (d=) is the same as the domain name in the author address.
Your author address is [email protected] and signing entity is sender.org
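The distinction the answer draws can be checked on an outgoing message before it is sent. The following is an added example, not part of the answer and not Microsoft's validation code: it compares the d= tag of every DKIM-Signature header with the domain of the From address and labels each signature as author-domain or third-party. It does not verify the signature cryptographically; the function names, the local parts of the addresses and the bh=/b= values are constructed placeholders.

```python
import email
from email.utils import parseaddr

def dkim_tags(value):
    """Split a DKIM-Signature header value into its tag=value pairs."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            # Folding whitespace inside a value (e.g. in b=) is not significant.
            tags[name.strip()] = "".join(val.split())
    return tags

def classify_signatures(raw_message):
    """Return (author_domain, [(d, selector, kind), ...]) for every DKIM-Signature."""
    msg = email.message_from_string(raw_message)
    author = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    found = []
    for header in msg.get_all("DKIM-Signature", []):
        tags = dkim_tags(header)
        d = tags.get("d", "").lower()
        kind = "author-domain" if d and d == author else "third-party"
        found.append((d, tags.get("s", ""), kind))
    return author, found

def has_author_domain_signature(raw_message):
    """True if at least one signature's d= equals the From domain."""
    return any(kind == "author-domain" for _, _, kind in classify_signatures(raw_message)[1])

# Constructed sample: the question's layout, placeholder local parts, dummy bh=/b= values.
SAMPLE = """\
Return-Path: <bounce@sender.org>
DKIM-Signature: v=1; a=rsa-sha1; q=dns/txt; c=relaxed/relaxed;
 s=default; d=sender.org;
 h=From:To:Subject:Date;
 bh=AAAA=;
 b=BBBB
 CCCC=
From: Client Newsletter <news@example.org>
To: reader@example.net
Subject: constructed test message

body
"""

if __name__ == "__main__":
    author, sigs = classify_signatures(SAMPLE)
    print("author domain:", author)
    for d, selector, kind in sigs:
        print(f"d={d} s={selector} -> {kind}")
```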