2022-02-19 Receiving DMARC reports and trying to debug my DKIM setup
Since November 2021 I have been running DKIM with sendmail. First for a test domain, later also for the main domain sending e-mail. I directly added a DMARC record with options to notify me of spf/dkim errors. I have seen a few reports of fake mail injected but most reports were about valid mail. For a long time google kept sending reports about dkim errors but I couldn't find out why. After I added the option to receive debug information this problem did not come back, so I'm not sure whether I fixed this. Today I sent something to a mailing list and got a debug report instantly. Somewhere after the mailing list software had changed the body of my message (it stripped the pgp signature and noted this) a mail server checked the DKIM headers and found out the body signature was wrong. Indeed. Mailing lists and DKIM/SPF are complicated.