Skip to content

Instantly share code, notes, and snippets.

@nh2
Created October 21, 2020 16:56
Show Gist options
  • Save nh2/a697791c5947c39be05e43808ffeb0b5 to your computer and use it in GitHub Desktop.
Save nh2/a697791c5947c39be05e43808ffeb0b5 to your computer and use it in GitHub Desktop.
Outlook apparently cannot deterministically run DKIM

It seems Outlook is totally bugged.

I set up a mail server and sent 4 emails in a row, for the first one Microsoft said:

dkim=pass (signature was verified)

For the second one it said:

dkim=fail (body hash did not verify)

For the third one it said:

dkim=timeout (key query timeout)

And then the 4th one passed again.

key query timeout may be forgiven (maybe Azure's internal DNS server is slow), but body hash did not verify If it cannot deterministically run a hash function, what can it do?

At this point I'm no longer surprised why most people use Gmail: There at least the basic tech works.


Click to expand the 4 `Authentication-Results` headers that `outlook.office.com` added
Authentication-Results: spf=pass (sender IP is 95.216.183.106)
smtp.mailfrom=mailserver3.aws.nh2.me; myoutlookdomain.com; dkim=pass (signature
was verified) header.d=mailserver3.aws.nh2.me;myoutlookdomain.com; dmarc=pass
action=none header.from=mailserver3.aws.nh2.me;compauth=pass reason=100

Authentication-Results: spf=pass (sender IP is 95.216.183.106)
smtp.mailfrom=mailserver3.aws.nh2.me; myoutlookdomain.com; dkim=fail (body hash
did not verify) header.d=mailserver3.aws.nh2.me;myoutlookdomain.com; dmarc=pass
action=none header.from=mailserver3.aws.nh2.me;compauth=pass reason=100

Authentication-Results: spf=pass (sender IP is 95.216.183.106)
smtp.mailfrom=mailserver3.aws.nh2.me; myoutlookdomain.com; dkim=timeout (key query
timeout) header.d=mailserver3.aws.nh2.me;myoutlookdomain.com; dmarc=pass
action=none header.from=mailserver3.aws.nh2.me;compauth=pass reason=100

Authentication-Results: spf=pass (sender IP is 95.216.183.106)
smtp.mailfrom=mailserver3.aws.nh2.me; myoutlookdomain.com; dkim=pass (signature
was verified) header.d=mailserver3.aws.nh2.me;myoutlookdomain.com; dmarc=pass
action=none header.from=mailserver3.aws.nh2.me;compauth=pass reason=100
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment