« June 2011 | Main | June 2012 »

July 2011 Archives

July 5, 2011

Google Breaks its own DKIM Signatures

So, Google, vaunted tech company that it is, seems to be doing something rather unfortunate. One of my friends/users, who uses Gmail as a repository for his email, recently notified me that email sent to him from other Gmail accounts showed up as “potentially forged”. Interestingly, this only happened for email that was sent from Gmail to an external server (i.e. mine) that then got relayed back to Gmail. Examining the “raw original”, here’s the differences:

  1. The relayed body has an extra newline at the end (this may be an artifact of Gmail’s view-raw-message feature)
  2. The relayed body quotes the display-name in the From header (or any other email header with a display-name)
  3. The relayed body strips off the weekday name from the Date header

Now, since this doesn’t happen to messages sent from-Gmail-to-Gmail directly, and I’m very certain that my email server isn’t doing it either (I sniffed the outbound SMTP traffic to prove it), I’m guessing that this message… “normalization”, for lack of a better term… is a function of their ingress filter. But all of those changes are enough to invalidate the DKIM signature that Gmail generated… or, I suppose, anyone else’s DKIM signature.


Come on, Google, get your act together.

About July 2011

This page contains all entries posted to Kyle in July 2011. They are listed from oldest to newest.

June 2011 is the previous archive.

June 2012 is the next archive.

Many more can be found on the main index page or by looking through the archives.

Creative Commons License
This weblog is licensed under a Creative Commons License.
Powered by
Movable Type 3.34