- This was reported wth a RUF report (DKIM signature check failed, new
selector). This suggests that they don't have a matching public key in the DNS.
Correct.
We have never received a new selector notification that we did not add
ourselves.
We are trying to reproduce what likely caused it.
-----Original Message-----
From: Wietse Venema via Postfix-users <postfix-users@postfix.org>
Sent: Saturday, March 29, 2025 4:09 PM
To: Postfix users <postfix-users@postfix.org>
Subject: [pfx] Re: insert multi-line values into header
CAUTION: This email was sent from an external sender. Do not click links or
open attachments unless you recognize the sender and know the content is safe.
Gomes, Rich via Postfix-users:
> Perhaps I should re-phrase:
>
> It was presented in our DMARC portal as "a new selector was
> identified"
Anyone can send email with a fake DKIM-Signature: header that identifies a
legitimate email sending domain with the 'd=' tag, and hat idebtifies a bogus
selector with the 's=' tag. The path in DNS for the public key is constructed
by simple concatenation:
IN TXT $selector._domainkey.$domain.
This was reported wuth a RUF report (DKIM signature check failed, new
selector). This suggests that they don't have a matching public key in the DNS.
Wietse
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an
email to postfix-users-le...@postfix.org
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
