Amazon failing DKIM?

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Amazon failing DKIM?

@lbutlr
order confirmation mails from Amazon are getting tagged as spam:

> On 24 Jun 2018, at 22:16, Amazon.com <[hidden email]> wrote:
>
> -0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at http://www.dnswl.org/, no
>                            trust
>                            [54.240.13.20 listed in list.dnswl.org]
> 5.0 DKIM_ADSP_DISCARD      No valid author signature, domain signs all mail
>                            and suggests discarding the rest
> 1.5 BAYES_95               BODY: Bayes spam probability is 95 to 99%
>                            [score: 0.9856]
> 0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily valid
> 0.7 MIME_HEADER_CTYPE_ONLY 'Content-Type' found without required MIME
>                            headers
> 0.0 T_DKIM_INVALID         DKIM-Signature header exists but is not valid

This isn't an isolated email, it's all of the order confirmations.

Headers:
Return-Path: <[hidden email]>
Received: from a13-20.smtp-out.amazonses.com (a13-20.smtp-out.amazonses.com [54.240.13.20])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits))
        (No client certificate requested)
        by mail.covisp.net (Postfix) with ESMTPS id 41DbV54JB6zbRTs
        for <[hidden email]>; Sun, 24 Jun 2018 22:17:01 -0600 (MDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;
        s=yg4mwqurec7fkhzutopddd3ytuaqrvuz; d=amazon.com; t=1529900218;
        h=From:Reply-To:To:Message-ID:Subject:MIME-Version:Content-Type:Date;
        bh=ZqyVYib8vrje0tC+LusohQNnwC+4buzayCt9asRgygI=;
        b=EZbTvozCYlMbxbNimZm6CljR/1Q2xIBMz3iPnNv8ja0+Xz6OzFd0r8B+I5dLU2WB
        0a65kRzsMYbcEmTGRk2x8iglmv7CNUPJU+uAxCqTyJGywYY0QlbcCm1KiX+22XMwtc5
        6iYzUoAXzu93OnUV01ZXjn+Uw3ztWwKfVMvuGHe4=
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;
        s=ug7nbtf4gccmlpwj322ax3p6ow6yfsug; d=amazonses.com; t=1529900218;
        h=From:Reply-To:To:Message-ID:Subject:MIME-Version:Content-Type:Date:Feedback-ID;
        bh=ZqyVYib8vrje0tC+LusohQNnwC+4buzayCt9asRgygI=;
        b=L6DMPXt3b6ujpbpAPpbKcXdlsdDUeVo999u9u6BkEhDpsN5EurM5XkIJ72DfOaH+
        GCGRJK6/sdTmf8muZVS0RWFo7JcR4o7CdOyLLEtBnXyFjEbHLrL6UVUkTUrifdzBKI7
        +ozoNn+RxLDpq3kpWl0MJ4YAKAR/x9yWiOe8SSz8=
From: "Amazon.com" <[hidden email]>
Reply-To: [hidden email]
To: [hidden email]
Message-ID: <[hidden email]>
Subject: Your Amazon.com order of "...".
Content-Type: multipart/alternative;
        boundary="----=_Part_22448454_1319981108.1529900218214"
X-AMAZON-MAIL-RELAY-TYPE: notification
Bounces-to: [hidden email]
X-AMAZON-METADATA: CA=C3K6JZ19ME7GV-CU=APPPSMZDNGWEV-RI=ASBCBE1U94KXT
X-Original-MessageID: <[hidden email]>
Date: Mon, 25 Jun 2018 04:16:58 +0000
X-SES-Outgoing: 2018.06.25-54.240.13.20
Feedback-ID: 1.us-east-1.ZHcGJK6s+x+i9lRHKog4RW3tECwWIf1xzTYCZyUaiec=:AmazonSES

Reply | Threaded
Open this post in threaded view
|

Re: Amazon failing DKIM?

Kevin A. McGrail-5
It passed for me on the 22nd.  Is this still occurring for you?

--
Kevin A. McGrail
VP Fundraising, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project

On Mon, Jun 25, 2018 at 3:35 AM, @lbutlr <[hidden email]> wrote:
order confirmation mails from Amazon are getting tagged as spam:

> On 24 Jun 2018, at 22:16, Amazon.com <[hidden email]> wrote:
>
> -0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at http://www.dnswl.org/, no
>                            trust
>                            [54.240.13.20 listed in list.dnswl.org]
> 5.0 DKIM_ADSP_DISCARD      No valid author signature, domain signs all mail
>                            and suggests discarding the rest
> 1.5 BAYES_95               BODY: Bayes spam probability is 95 to 99%
>                            [score: 0.9856]
> 0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily valid
> 0.7 MIME_HEADER_CTYPE_ONLY 'Content-Type' found without required MIME
>                            headers
> 0.0 T_DKIM_INVALID         DKIM-Signature header exists but is not valid

This isn't an isolated email, it's all of the order confirmations.

Headers:
Return-Path: <[hidden email]>
Received: from a13-20.smtp-out.amazonses.com (a13-20.smtp-out.amazonses.com [54.240.13.20])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits))
        (No client certificate requested)
        by mail.covisp.net (Postfix) with ESMTPS id 41DbV54JB6zbRTs
        for <[hidden email]>; Sun, 24 Jun 2018 22:17:01 -0600 (MDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;
        s=yg4mwqurec7fkhzutopddd3ytuaqrvuz; d=amazon.com; t=1529900218;
        h=From:Reply-To:To:Message-ID:Subject:MIME-Version:Content-Type:Date;
        bh=ZqyVYib8vrje0tC+LusohQNnwC+4buzayCt9asRgygI=;
        b=EZbTvozCYlMbxbNimZm6CljR/1Q2xIBMz3iPnNv8ja0+Xz6OzFd0r8B+I5dLU2WB
        0a65kRzsMYbcEmTGRk2x8iglmv7CNUPJU+uAxCqTyJGywYY0QlbcCm1KiX+22XMwtc5
        6iYzUoAXzu93OnUV01ZXjn+Uw3ztWwKfVMvuGHe4=
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;
        s=ug7nbtf4gccmlpwj322ax3p6ow6yfsug; d=amazonses.com; t=1529900218;
        h=From:Reply-To:To:Message-ID:Subject:MIME-Version:Content-Type:Date:Feedback-ID;
        bh=ZqyVYib8vrje0tC+LusohQNnwC+4buzayCt9asRgygI=;
        b=L6DMPXt3b6ujpbpAPpbKcXdlsdDUeVo999u9u6BkEhDpsN5EurM5XkIJ72DfOaH+
        GCGRJK6/sdTmf8muZVS0RWFo7JcR4o7CdOyLLEtBnXyFjEbHLrL6UVUkTUrifdzBKI7
        +ozoNn+RxLDpq3kpWl0MJ4YAKAR/x9yWiOe8SSz8=
From: "Amazon.com" <[hidden email]>
Reply-To: [hidden email]
To: [hidden email]
Message-ID: <[hidden email]>
Subject: Your Amazon.com order of "...".
Content-Type: multipart/alternative;
        boundary="----=_Part_22448454_1319981108.1529900218214"
X-AMAZON-MAIL-RELAY-TYPE: notification
Bounces-to: [hidden email]
X-AMAZON-METADATA: CA=C3K6JZ19ME7GV-CU=APPPSMZDNGWEV-RI=ASBCBE1U94KXT
X-Original-MessageID: <[hidden email]>
Date: Mon, 25 Jun 2018 04:16:58 +0000
X-SES-Outgoing: 2018.06.25-54.240.13.20
Feedback-ID: 1.us-east-1.ZHcGJK6s+x+i9lRHKog4RW3tECwWIf1xzTYCZyUaiec=:AmazonSES


Reply | Threaded
Open this post in threaded view
|

Re: Amazon failing DKIM?

Bill Cole
In reply to this post by @lbutlr
On 25 Jun 2018, at 3:35 (-0400), @lbutlr wrote:

> order confirmation mails from Amazon are getting tagged as spam:

Not here, but I have not seen one in a few days...

>> On 24 Jun 2018, at 22:16, Amazon.com <[hidden email]> wrote:
>>
>> -0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at
>> http://www.dnswl.org/, no
>>                            trust
>>                            [54.240.13.20 listed in list.dnswl.org]
>> 5.0 DKIM_ADSP_DISCARD      No valid author signature, domain signs
>> all mail
>>                            and suggests discarding the rest

Yeah.... don't do that. DKIM is fragile. As its adoption has spread, it
has increasingly become LESS reliable. Boosting the score on that rule
trusts the competence of people deploying DKIM far more than is merited.


>> 1.5 BAYES_95               BODY: Bayes spam probability is 95 to 99%
>>                            [score: 0.9856]

You have a severe mis-training problem.

>> 0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not
>> necessarily valid
>> 0.7 MIME_HEADER_CTYPE_ONLY 'Content-Type' found without required MIME
>>                            headers

That's very broken. Amazon is apparently building bad messages. I have
not seen them do that.

>> 0.0 T_DKIM_INVALID         DKIM-Signature header exists but is not
>> valid
>
> This isn't an isolated email, it's all of the order confirmations.

Thanks for the heads-up. I haven't seen one like this yet and hopefully
they'll fix their issues soon.



--
Bill Cole
[hidden email] or [hidden email]
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Currently Seeking Steadier Work: https://linkedin.com/in/billcole
Reply | Threaded
Open this post in threaded view
|

Re: Amazon failing DKIM?

RW-15
On Mon, 25 Jun 2018 13:01:52 -0400
Bill Cole wrote:

> On 25 Jun 2018, at 3:35 (-0400), @lbutlr wrote:

> >> 0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not
> >> necessarily valid
> >> 0.7 MIME_HEADER_CTYPE_ONLY 'Content-Type' found without required
> >> MIME headers  
>
> That's very broken. Amazon is apparently building bad messages. I
> have not seen them do that.

It's a bit suspicious IMO. Amazon signed MIME-Version, so if something
later stripped or corrupted it, it would account for both
MIME_HEADER_CTYPE_ONLY and T_DKIM_INVALID.

> >> 0.0 T_DKIM_INVALID         DKIM-Signature header exists but is not
> >> valid  
Reply | Threaded
Open this post in threaded view
|

Re: Amazon failing DKIM?

@lbutlr
On 25 Jun 2018, at 16:41, RW <[hidden email]> wrote

> On Mon, 25 Jun 2018 13:01:52 -0400
> Bill Cole wrote:
>
>> On 25 Jun 2018, at 3:35 (-0400), @lbutlr wrote:
>
>>>> 0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not
>>>> necessarily valid
>>>> 0.7 MIME_HEADER_CTYPE_ONLY 'Content-Type' found without required
>>>> MIME headers  
>>
>> That's very broken. Amazon is apparently building bad messages. I
>> have not seen them do that.
>
> It's a bit suspicious IMO. Amazon signed MIME-Version, so if something
> later stripped or corrupted it, it would account for both
> MIME_HEADER_CTYPE_ONLY and T_DKIM_INVALID.

Yeah, I am wondering if I did something to the headers, but they look untouched.

I’ll turn down the DKIM_ADSP_DISCARD score for now, though it’s been pretty reliable for me.

--
THE PLEDGE OF ALLEGIANCE DOES NOT END WITH HAIL SATAN Bart chalkboard
Ep. 1F16