[opendmarc-users] Can I tell why a specific message failed?
Dan Mahoney, System Admin
danm at prime.gushi.org
Tue Aug 26 09:00:42 PDT 2014
On Tue, 26 Aug 2014, Benny Pedersen wrote:
> On 26. aug. 2014 10.47.36 "Dan Mahoney, System Admin" <danm at prime.gushi.org>
> wrote:
>
>> Authentication-Results: prime.gushi.org; dkim=pass
>> reason="1024-bit key; unprotected key"
>> header.d=amazonses.com header.i=@amazonses.com header.b=IILVBN7v;
>> dkim-adsp=pass
>>
>> Any ideas?
>
> dig +trace amazon.com
>
> Missing ds rr gives unprotected key, but dkim works with signing domain
> amazonses.com none of them is dnssec protected
I'm not sure what you mean.
Those zones aren't signed, and I don't think I've seen any requirement in
the spec, or the FAQ, or anywhere else that says DNSSEC is mandatory.
(although of course a good resolver should reject a record with a DNSSEC
sig failure -- that's not what's happening here).
-Dan
--
--------Dan Mahoney--------
Techie, Sysadmin, WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144 AIM: LarpGM
Site: http://www.gushi.org
---------------------------
More information about the opendmarc-users
mailing list