Showing DKIM verified by gmail when the signature is broke in the Authentication Results

[shirikodama]

Again, this is just using the auth-res header not the online verifier. This is a message going through the dmarc ietf mailing list. it shows that the original signature is broken from gmail, but re-signed by ietf.org what I'm in the plugin is:

"DKIM Valid(signed by gmail.com) SPF: pass DMARC: fail

I suspect that it might be getting tripped up by the mailing list signature? because it passes but not the original signature.

Delivered-To: mike@mtcc.com
Received: by 2002:a54:25ca:0:0:0:0:0 with SMTP id x10csp9814668eco;
        Mon, 28 Dec 2020 23:04:12 -0800 (PST)
X-Google-Smtp-Source: ABdhPJzrCJZtoo+Jwz7px2ptU4rlvC8TaiB8rY+aCXM9MxQEY4icVVlQsMzUDPQcGXYNnhwjD14t
X-Received: by 2002:aca:4c49:: with SMTP id z70mr1598235oia.46.1609225451832;
        Mon, 28 Dec 2020 23:04:11 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1609225451; cv=none;
        d=google.com; s=arc-20160816;
        b=toceM+E5COMnjcg5DdL78LiiITnGi2rIbhNrW6/bTyyq9DzTqgayZHTOukWQHzDA/Q
         9LRJmEAQQTr7Z8Fsb8nkftDiVVUZDF1zhfkr6GvfMfiEL+zL75Jg4DrbCF3ciOJjJ8F+
         F7wfUFFER3OnhU9WcMIWuXF/71fS/7ZAxS7Q9VGWaK+hwj+1YDXEYjBa/PFQE4IGw0Zt
         DQ2Jl8rqbFeZRCdOl1UfVenW6m/5txK/+XMTDrcWhVVFKa/e2JH1SWBxmu1DC+bRx/WW
         ehteUlHrwgx3IOxp8cUQXIAAE2TRBcjwrlIY5UGVSgwTK/cp6pko9sTRRK1j0akl+wYK
         p6Hg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=sender:errors-to:cc:list-subscribe:list-help:list-post:list-archive
         :list-unsubscribe:list-id:precedence:subject:archived-at:to
         :message-id:date:from:in-reply-to:references:mime-version
         :dkim-signature:delivered-to:dkim-signature:dkim-signature;
        bh=FDTJViLUm5XFYvVts9C8v+SOgNYoZiHwZaSswGbErK8=;
        b=uXIdhGqtSvTZchFCJhZJcelGYqLPkLV3nVkoAUeExxaAqUZ4k8T2j1KeSQR2J8W+s3
         MMGu7iY4bhW8psKnujcu7scQWS7m0ic05maYQgM28+3CULjFdOZ14RSyhPFCSoZA4gaC
         p/u8D8dcQaiuPZwSwCheqqWd0SrmzbXlxMHKgkmWrsGdSWEOLX8/CIQFIqogYcobbB3P
         /D+B4n+plNmmtcnxYk1wyI3ltPlPk/1iemK8Vo3v9y3gXYj2FTjE7cEG1S/ocG77AdWp
         MR5lDf6LufYKeTVFUbfKWRwdw5+vATAkA5RcJdMDWXwSUMB3JI6ENRdF0lt8Zqr8gVGL
         5qaQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@ietf.org header.s=ietf1 header.b=cWcQEDsv;
       dkim=pass header.i=@ietf.org header.s=ietf1 header.b=FzyJHpbq;
       dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20161025 header.b=bABLbEDq;
       spf=pass (google.com: domain of dmarc-bounces@ietf.org designates 4.31.198.44 as permitted sender) smtp.mailfrom=dmarc-bounces@ietf.org;
       dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <dmarc-bounces@ietf.org>
Received: from mail.ietf.org (mail.ietf.org. [4.31.198.44])
        by mx.google.com with ESMTPS id o186si13975637oib.15.2020.12.28.23.04.11
        for <mike@mtcc.com>
        (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256);
        Mon, 28 Dec 2020 23:04:11 -0800 (PST)
Received-SPF: pass (google.com: domain of dmarc-bounces@ietf.org designates 4.31.198.44 as permitted sender) client-ip=4.31.198.44;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@ietf.org header.s=ietf1 header.b=cWcQEDsv;
       dkim=pass header.i=@ietf.org header.s=ietf1 header.b=FzyJHpbq;
       dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20161025 header.b=bABLbEDq;
       spf=pass (google.com: domain of dmarc-bounces@ietf.org designates 4.31.198.44 as permitted sender) smtp.mailfrom=dmarc-bounces@ietf.org;
       dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: from ietfa.amsl.com (localhost [IPv6:::1])
    by ietfa.amsl.com (Postfix) with ESMTP id 3C72E3A1300
    for <mike@mtcc.com>; Mon, 28 Dec 2020 23:04:10 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1;
    t=1609225450; bh=e+TgHRgb8JRuCqH3tR8mC6FzhYGE3dfPlNDrkX3WTtM=;
    h=References:In-Reply-To:From:Date:To:Subject:List-Id:
     List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe:
     Cc;
    b=cWcQEDsvsUU2upuIrVc4ueIGUXjaPBf9EAih165SDS7LJabX19rxgchUWwA8bd2lP
     /aMjevuQEtodWml8LT/IjFu/1PQq5yLG4AxYNAQ+hR0UA4OvwLSlpdyvVvlAD6+Uu9
     gRQRCleEbVbl0oiNRK0GxgyMjwidIrGEf0abdACY=
X-Mailbox-Line: From dmarc-bounces@ietf.org  Mon Dec 28 23:04:05 2020
Received: from ietfa.amsl.com (localhost [IPv6:::1])
    by ietfa.amsl.com (Postfix) with ESMTP id 2E43E3A1111;
    Mon, 28 Dec 2020 23:04:03 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1;
    t=1609225443; bh=e+TgHRgb8JRuCqH3tR8mC6FzhYGE3dfPlNDrkX3WTtM=;
    h=References:In-Reply-To:From:Date:To:Subject:List-Id:
     List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe:
     Cc;
    b=FzyJHpbqVVq4PwaROZBjOCsxZ+MPua/mmOyEzkLN3u0h5OF2Kyz91vbbPRnwlR/UK
     KlJMg3hvTwntsqfzxfYqVh8OeOYmv+MnMULsDC+AgMu5V3U4MCmy3an0i8dK15LB7Z
     ZhmTumL+85PUgHtdhZ7b/K0iIVCE0MjtrXfsbrLY=
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
 by ietfa.amsl.com (Postfix) with ESMTP id 6C6343A10CB
 for <dmarc@ietfa.amsl.com>; Mon, 28 Dec 2020 23:04:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level: 
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5
 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
 DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,
 HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001,
 URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key)
 header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44])
 by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id vDRwwRReWoJZ for <dmarc@ietfa.amsl.com>;
 Mon, 28 Dec 2020 23:03:59 -0800 (PST)
Received: from mail-vs1-xe31.google.com (mail-vs1-xe31.google.com
 [IPv6:2607:f8b0:4864:20::e31])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (No client certificate requested)
 by ietfa.amsl.com (Postfix) with ESMTPS id 279F83A1034
 for <dmarc@ietf.org>; Mon, 28 Dec 2020 23:03:59 -0800 (PST)
Received: by mail-vs1-xe31.google.com with SMTP id q10so6626487vsr.13
 for <dmarc@ietf.org>; Mon, 28 Dec 2020 23:03:58 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; 
 h=mime-version:references:in-reply-to:from:date:message-id:subject:to
 :cc; bh=LPL3TaaxIFabFOAu/B1G4ZchVlI05uDrPGRJuyR3xD0=;
 b=bABLbEDq4Z4TkNocAZxaDIdn2pajpgwZ39OeARYhyQlc3AEFYzLHkc15Ev5MYEOS3a
 v6YGJ72WRF1l1QUqXd4GNfU+wDO5s3Uwvvtj2wSDjMMFMrMaBqQlodn+NvN0Gz8eXR+A
 7tWa1SIYWUkoCeOMpBmqRt/MAt0DaTAIQaGTkGNjNM4b5TmnvcUwGzuZ3R/ehpiS3Cme
 OHWkCjgqDi3chJDQ+gCNcyjKloYXBhku+LRS7ruJOE/JAXGnJLFREiX4NptEyI+0Jy+K
 xmIfn2F0y2iEvw3/PZVkCNcVeqElj3R3DRwv9XdzOOMG6hiaQrdgNCOeTv3biKCwSLEG
 wnvw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:references:in-reply-to:from:date
 :message-id:subject:to:cc;
 bh=LPL3TaaxIFabFOAu/B1G4ZchVlI05uDrPGRJuyR3xD0=;
 b=t1SEZfN1r+TATDO2wcKLam5KUodAgyCaERPZE9yseGNhmYgIhOmuezBFYa03xhAhY/
 4lgwKVl52+TEIOKLhDkePl0v+U6HruRnnBzhoi1CqSnSBoNoq7BaACV4kuQeJs9R6XR2
 1VcJPZ8McPSzB2R1wlLdgHan3ct2otEeCLlvdZ3cj4zTLPZJ0D0cB8e/tsIke5wwCMqt
 wd9sdgAtBn5hw64oLcAibKSW85t0X5R0lDZufzo0UHBdYbugUfc8RkHj+ZJuQytZ2HC/
 LbVhW4rCOD70KUWNTp6+IjWd+nOhJ7zEQS5Bzb4V/XAOLSRV3fnpd1BuBZfQvfJpGDK1
 gFLw==
X-Gm-Message-State: AOAM532rk5vRwxm9mQsIgAh/8R9gPqj5iKoOWlLkP5sSodZLws8Db0su
 m5TMkx3l8nTHqVJNSqGpTxpHR5w2GrOhIkD362U=
X-Received: by 2002:a67:fb46:: with SMTP id e6mr30854887vsr.40.1609225437952; 
 Mon, 28 Dec 2020 23:03:57 -0800 (PST)
MIME-Version: 1.0
References: <20201218023900.E73B82ACBB2B@ary.qy>
 <a8281e16-9417-5189-df73-79ea0a865fbd@tana.it>
 <c713b9ae-a364-1ae0-e79-55f61624aa3d@taugh.com>
 <3034face-b6fc-0ce2-fa1b-f59210bd6f5b@tana.it>
 <46339b38-3b24-bcb7-5e73-8a97038ed69@taugh.com>
 <3997c81d-3b30-0823-a752-fb1d60a44593@tana.it>
 <74a5c37-19a6-6f6f-a51d-6e5cca5b29e8@taugh.com>
 <CAJ4XoYdXWTgADpdL1eJuYGnpSY038vj-FW_x1f2rEp1JL0r2oA@mail.gmail.com>
 <01RTICXKLL3E0085YQ@mauve.mrochek.com>
 <c5f7413e-52c1-6710-16e5-63f59d2c24b9@taugh.com>
 <CAL0qLwYDeV9CmFg9qCCGPse00JV30WRiSC4orC-EitK=hiahgA@mail.gmail.com>
 <a79dd75-4d73-d1dc-d6b1-272de866b950@taugh.com>
 <CAL0qLwZXu3FxH7QGBS7PGbeDwfDTGmC=rbPEQidVV4eDJNHLUA@mail.gmail.com>
 <CAJ4XoYeK2cJb+easc=mqCi4ap1932LmbDdfxM1dFZKrdo2a2mw@mail.gmail.com>
 <acfe3d9e-97eb-50ee-26a2-568fdd8359dd@taugh.com>
 <CADyWQ+GJ62jt=dL9Gzuw_O7USNbS=86BqAzu8Rdv9sCb5OpCdw@mail.gmail.com>
 <d4a00be5-bd61-0c05-3431-8d56b39a3550@tana.it>
 <8813331f-f5e4-faa5-c6d-11212fc25797@taugh.com>
 <5d150251-427c-5c44-a0c3-ad2e7f24b692@tana.it>
 <01RTP8I70EYI004QVR@mauve.mrochek.com>
In-Reply-To: <01RTP8I70EYI004QVR@mauve.mrochek.com>
From: "Murray S. Kucherawy" <superuser@gmail.com>
Date: Mon, 28 Dec 2020 23:03:46 -0800
Message-ID: <CAL0qLwafqVOGtzfM=2N6fB1pHcQJ6RRXpJeFBGh9qkTQ0wbnTw@mail.gmail.com>
To: Ned Freed <ned+dmarc@mrochek.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/FbukWojN8qmdsCqBZR8b6bm0Dek>
Subject: Re: [dmarc-ietf] Ticket #55 - Clarify legal and privacy
 implications of failure reports
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting,
 and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>,
 <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>,
 <mailto:dmarc-request@ietf.org?subject=subscribe>
Cc: Tim Wicinski <tjw.ietf@gmail.com>, IETF DMARC WG <dmarc@ietf.org>,
 John R Levine <johnl@taugh.com>, Alessandro Vesely <vesely@tana.it>
Content-Type: multipart/mixed; boundary="===============1237676303638430357=="
Errors-To: dmarc-bounces@ietf.org
Sender: "dmarc" <dmarc-bounces@ietf.org>

--===============1237676303638430357==
Content-Type: multipart/alternative; boundary="00000000000097be1f05b794fecb"

--00000000000097be1f05b794fecb
Content-Type: text/plain; charset="UTF-8"

On Mon, Dec 28, 2020 at 7:23 AM <ned+dmarc@mrochek.com> wrote:

> P.S. I hadn't looked at RFC 6589 before, and I  have to say I find its
> standards-track status to be nothing short of astonishing. How on earth do
> you
> assess interoperability?
>

With the benefit of hindsight, that's a great question.  I'd have been
happy with Informational.  Indeed, the IESG evaluation record shows several
ADs brought that up, but none of them insisted, and thus it didn't get
changed.

-MSK

--00000000000097be1f05b794fecb
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div dir=3D"ltr">On Mon, Dec 28, 2020 at 7:23 AM &lt;<a hr=
ef=3D"mailto:ned%2Bdmarc@mrochek.com">ned+dmarc@mrochek.com</a>&gt; wrote:<=
br></div><div class=3D"gmail_quote"><blockquote class=3D"gmail_quote" style=
=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding=
-left:1ex">P.S. I hadn&#39;t looked at RFC 6589 before, and I=C2=A0 have to=
 say I find its<br>
standards-track status to be nothing short of astonishing. How on earth do =
you<br>
assess interoperability?<br></blockquote><div><br></div><div>With the benef=
it of hindsight, that&#39;s a great question.=C2=A0 I&#39;d have been happy=
 with Informational.=C2=A0 Indeed, the IESG evaluation record shows several=
 ADs brought that up, but none of them insisted, and thus it didn&#39;t get=
 changed.<br></div><div><br></div><div>-MSK<br></div></div></div>

--00000000000097be1f05b794fecb--

--===============1237676303638430357==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc

--===============1237676303638430357==--

[lieser]

I don't see any problem here. Note that the mail you posted contains the Authentication-Results two times, and one contains a valid DKIM signature from gmail.com:

Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key)
 header.d=gmail.com

If you only want the result from mx.google.com to show up, you can configure the trusted authentication servers in the account options of the add-on

[lieser]

As you haven't responded yet, I assume the issue was indeed that you just overlooked the second Authentication-Results header.