Microsoft breaks DKIM signature?

It's kind of rare, but not rare enough. Every now and then I hear of a client who is seeing intermittent DKIM failures at Microsoft Outlook.com/Hotmail properties. A Delivery Team Lead for one of the bigger ESPs posted about this on the Mailop list recently, looking for feedback and thoughts. The discussion that ensued seemed to come to a consensus that there are (rare) times when Microsoft may be modifying message content slightly, and thus causing the DKIM signature to break.

Steve Atkins of Word to the Wise has done a fantastic job of writing up some best practice suggestions on how an ESP can deal with this type of thing.

In addition to Steve's excellent suggestions, I would add, if it's not easy for you to modify your DKIM signing configuration, one thing to try when you run into these issues is, remove all tabs from the body content. It was suggested in one of the examples shared that an intermediate Microsoft server may have converted tabs to spaces, which potentially caused the DKIM signature failure. Of course, Steve Atkins is spot on to take the conversation to a higher level and look at how to modify the DKIM config to address this overall, but if you're looking for something to try right now, this is also something I would try.

No comments:

Post a Comment

Comments policy: Al is always right. Kidding, mostly. Be polite, and you're welcome to join in, even if it's a differing viewpoint.