« A C Lock-Free Hash Table Implementation | Main | A Use for Volatile in Multi-threaded Programming »

Google Breaks its own DKIM Signatures

So, Google, vaunted tech company that it is, seems to be doing something rather unfortunate. One of my friends/users, who uses Gmail as a repository for his email, recently notified me that email sent to him from other Gmail accounts showed up as “potentially forged”. Interestingly, this only happened for email that was sent from Gmail to an external server (i.e. mine) that then got relayed back to Gmail. Examining the “raw original”, here’s the differences:

  1. The relayed body has an extra newline at the end (this may be an artifact of Gmail’s view-raw-message feature)
  2. The relayed body quotes the display-name in the From header (or any other email header with a display-name)
  3. The relayed body strips off the weekday name from the Date header

Now, since this doesn’t happen to messages sent from-Gmail-to-Gmail directly, and I’m very certain that my email server isn’t doing it either (I sniffed the outbound SMTP traffic to prove it), I’m guessing that this message… “normalization”, for lack of a better term… is a function of their ingress filter. But all of those changes are enough to invalidate the DKIM signature that Gmail generated… or, I suppose, anyone else’s DKIM signature.


Come on, Google, get your act together.


TrackBack URL for this entry:

Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)


This page contains a single entry from the blog posted on July 5, 2011 9:14 AM.

The previous post in this blog was A C Lock-Free Hash Table Implementation.

The next post in this blog is A Use for Volatile in Multi-threaded Programming.

Many more can be found on the main index page or by looking through the archives.

Creative Commons License
This weblog is licensed under a Creative Commons License.
Powered by
Movable Type 3.34