> > I am having a large (20%) of messages fail dkim. If I do some random
> > checks, it looks like most of the failing messages are from the
> > outlook.com cloud. Does any one else have this? Or is my setup just not
> > properly checking dkim of outlook.com?
>
> how should i guess ?
>
> i see o365 not dkim sign at all, this is ok when spf pass, but not often
> spf_helo fails, should dmarc care of spf_helo ? :)
>
> more help needs more info from you
I am only looking at signature verifications of dkim, nothing else. My software currently does not log selector and domain of failing signatures, so I am just doing an mx lookup and 'guessing' that outgoing mail originates from something similar. It is just too much of a coincidence that everything is outlook. Maybe my software or their software is not 100% compatible with what is being signed.

add: header: X-Verification-Result: dkim=fail -@ xxx...@karllagerfeld.com
[@]# dig +short -t mx karllagerfeld.com
10 fallback1.mx.nxs.nl.
5 karllagerfeld-com.mail.protection.outlook.com.

add: header: X-Verification-Result: dkim=fail -@ xxxx...@hotmail.com
[@]# dig +short -t mx hotmail.com
2 hotmail-com.olc.protection.outlook.com.

etc etc.
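
Added example, not part of the original message or of any mail software's own code: instead of inferring the sender from an MX lookup, the signing domain (d=) and selector (s=) can be read from the DKIM-Signature header of each message marked `X-Verification-Result: dkim=fail` and tallied. The function names and the sample messages (with `.example` domains) are constructed for illustration.

```python
import email
import re
from collections import Counter

def dkim_tags(header_value):
    """Split a DKIM-Signature value into its tag=value pairs (RFC 6376 tag-list)."""
    tags = {}
    for part in header_value.split(";"):
        name, sep, value = part.partition("=")  # base64 values may contain '='
        if sep:
            # folding whitespace inside a value is not significant
            tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags

def tally_failures(raw_messages):
    """Count dkim=fail messages per (signing domain, selector)."""
    counts = Counter()
    for raw in raw_messages:
        msg = email.message_from_bytes(raw)
        if "dkim=fail" not in str(msg.get("X-Verification-Result", "")):
            continue
        sigs = msg.get_all("DKIM-Signature", [])
        if not sigs:
            # unsigned mail is a different case from a signature that fails to verify
            counts[("(unsigned)", "-")] += 1
        for value in sigs:
            t = dkim_tags(str(value))
            counts[(t.get("d", "?").lower(), t.get("s", "?"))] += 1
    return counts

# Constructed sample messages; header values are placeholders, not real signatures.
SAMPLE = [
    b"X-Verification-Result: dkim=fail\r\n"
    b"DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;\r\n"
    b" d=Tenant.Example; s=selector1; bh=AAAA=; b=BBBB==\r\n\r\nbody\r\n",
    b"X-Verification-Result: dkim=fail\r\n"
    b"DKIM-Signature: v=1; d=tenant.example; s=selector1; bh=CCCC=; b=DDDD\r\n\r\nbody\r\n",
    b"X-Verification-Result: dkim=fail\r\nFrom: a@unsigned.example\r\n\r\nbody\r\n",
    b"X-Verification-Result: dkim=pass\r\n"
    b"DKIM-Signature: v=1; d=other.example; s=s1; bh=EEEE=; b=FFFF\r\n\r\nbody\r\n",
]

if __name__ == "__main__":
    for (domain, selector), n in tally_failures(SAMPLE).most_common():
        print(f"{n:4d}  d={domain}  s={selector}")
```

The "(unsigned)" bucket keeps mail that carries no signature at all apart from mail whose signature did not verify.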