Outlook.com breaking DKIM when forwarding mails

Hi

Does Microsoft actually look at what their system is doing when it comes to DKIM authentication?

I sent an email from my own server which uses DKIM and up til now DMARC with a p=reject policy.  I sent a mail to my outlook.com address with instructions to forward the mail to my blueyonder.co.uk address.

Virgin Media's email server bounced my mail.

On investigation I found that Microsoft had altered the email body and THEN forwarded it on.

Examples of the altered text:

This is a multi-part message in MIME format.
--=_5226908e44ebc0462f06052400644d2f
Content-Type: multipart/alternative;
 boundary="=_926d2a45bc543e1972443c87118fa61a"

--=_926d2a45bc543e1972443c87118fa61a
Content-Transfer-Encoding: base64
Content-Type: text/plain; charset=utf-8

SGF2aW5nIGFub3RoZXIgZ28gYXQgZm9yd2FyZGluZyBhbiBlbWFpbCB2aWEgT3V0bG9vay4NCg0K
DQo=
--=_926d2a45bc543e1972443c87118fa61a
Content-Transfer-Encoding: base64
Content-Type: text/html; charset=utf-8
--=_5226908e44ebc0462f06052400644d2f
Content-Type: multipart/alternative;
boundary="=_926d2a45bc543e1972443c87118fa61a"

--=_926d2a45bc543e1972443c87118fa61a
Content-Transfer-Encoding: base64
Content-Type: text/plain; charset="utf-8"

SGF2aW5nIGFub3RoZXIgZ28gYXQgZm9yd2FyZGluZyBhbiBlbWFpbCB2aWEgT3V0bG9vay4NCg0K
DQo=
--=_926d2a45bc543e1972443c87118fa61a
Content-Transfer-Encoding: base64
Content-Type: text/html; charset="utf-8"

In addition the Base64 part of the body text was also completely changed.  While this did not impact the actual message, it's in breach of RFC5322 which says that a mail relay MUST NOT alter the email in any way.  IN FACT DKIM relies on the message not being altered.

The mail was also placed in my Outlook.com inbox so I was able to check what you thought of the original mail.

Authentication-Results: spf=pass (sender IP is 77.68.89.100) smtp.mailfrom=timothydutton.co.uk; outlook.com; dkim=pass (signature was verified) header.d=timothydutton.co.uk;outlook.com; dmarc=pass action=none header.from=timothydutton.co.uk; Received-SPF: Pass (protection.outlook.com: domain of timothydutton.co.uk designates 77.68.89.100 as permitted sender) receiver=protection.outlook.com; client-ip=77.68.89.100; helo=box.timothydutton.co.uk; 

As you can see the mail originally passed all authentication checks.  Can you please ask your postmaster to review the actions of your mail server.

Thanks

 

Question Info


Last updated August 4, 2019 Views 78 Applies to:
Hi ravenstar,
You have posted on the Microsoft Community we are not employee's of Microsoft only community members working to help others.
You may want to direct your query to Microsoft Support. Within Outlook.com Click on the ? and then either get help or give feedback this information goes to Microsoft Monitored support.
Regards,
Sam

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.