Strict canonicalization considered harmful

From: Alessandro Vesely <>
Date: Fri, 05 Dec 2014 11:18:11 +0100

a user reported problems with a long (us-ascii) From:, so I tried myself. My
first attempt went ok, but then I noted he used simple/simple rather than
relaxed/relaxed. So I temporarily changed my settings. This time I failed too.

I sent an empty message to each of the remailers in opendkim-README:

In addition, I tried Gmail, Yahoo!, and the following three:

Results: bounced, the last two succeeded, the
rest failed. To be more precise, applemaildev failed on an empty message like
the one below; however, it succeeded when the body contained some text. The
other checkers manage to munge the From: line before verification, so they
cannot succeed.

One of the empty messages is reproduced below:

DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;; s=beta;
        t=1417767989; bh=frcCV1k9oG9oKj3dpUqdJg1PxRT2RSN/XKdLCPjaYaY=; l=2;
Authentication-Results:; auth=pass (details omitted)
Received: from [] (pcale.tana [])
  (AUTH: CRAM-MD5 uXDGrn_at_SYT0/k)
  by with ESMTPA; Fri, 05 Dec 2014 09:26:29 +0100
  id 00000000005DC035.0000000054816C35.0000040B
Message-ID: <>
Date: Fri, 05 Dec 2014 09:26:29 +0100
From: "Display phrase of 51, total line length line of 76" <>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Icedove/31.2.0
MIME-Version: 1.0
Subject: Test
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Received on Fri Dec 05 2014 - 10:18:22 PST

This archive was generated by hypermail 2.3.0 : Fri Dec 05 2014 - 10:27:01 PST