It appears that Trashmail adds it's own DKIM signature to outbound emails.
That would be sweet from emails that originate from Trashmail, if the signature was working right.
From my tests, it seems that it suffers from two different problems, so depending on the originator, doesn't work right:
- If it's an inbound email (forwarded), Trashmail adds it's own DKIM signature header (even if the original email, came with it's own DKIM signature) but d= is replaced with the originator's domain thus making the retrieved public key (if any) to have nothing to do with the key that resides at 2012._domainkey.trashmail.net TXT record -- Example case:
Code: Select all
Authentication-Results: mx.google.com; spf=pass (google.com: domain of firstname.lastname@example.org designates 220.127.116.11 as permitted sender) email@example.com; dkim=pass firstname.lastname@example.org DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=linkedin.com; s=2012; t=1357842364; bh=NxOWoPLcCEJOjspdv9sT9WYexoKte1g7/seXqA8qU8U=; h=Date:From:To:Subject:Reply-To; b=<signature1> Authentication-Results: trashmail.net; dkim=pass (1024-bit key; insecure key) email@example.com header.b=CsRT5x4x; dkim-adsp=pass DomainKey-Signature: q=dns; a=rsa-sha1; c=nofws; s=prod; d=linkedin.com; h=DKIM-Signature:Sender:Date:From:To:Message-ID:Subject:MIME-Version:Content-Type:X-LinkedIn-Template:X-LinkedIn-Class:X-LinkedIn-fbl; b=<signature2> DKIM-Signature: v=1; a=rsa-sha1; d=linkedin.com; s=proddkim1024; c=relaxed/relaxed; q=dns/txt; firstname.lastname@example.org; t=1357842362; h=From:Subject:Date:To:MIME-Version:Content-Type:X-LinkedIn-Class:X-LinkedIn-fbl: X-LinkedIn-Template; bh=iiNWCEHM7CIYkiZ/mQgTyolyobs=; b=<signature3>
- If it's an outbound email (one that originates from Trashmail itself, i.e. through the website's send mail form), the verify fails with the reason been "bad signature" -- Example case:
Code: Select all
Authentication-Results: mx.google.com; spf=pass (google.com: domain of <email>@trashmail.net designates 2a01:4f8:130:23a2:0:2:0:1 as permitted sender) smtp.mail=<email>@trashmail.net; dkim=hardfail email@example.com DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=trashmail.net; s=2012; t=1357852976; bh=8FLQfTZgzZ3ocq3J8loVWohQ12JohLqmcyZ1VJJG/DM=; h=Date:Subject:From:To; b=<signature>
**I have omitted the actual signatures because forum doesn't allow over 3kb of text per post.
EDIT: Some more facts added after extensive testing.