I am trying to send an email via Amazon SES. I came across a pretty weird behaviour regarding the email's DKIM Signature.
According to this documentation, the last 2 lines stipulate that Amazon SES adds a DKIM signature of its own, which looks like this:
Received-SPF: pass (domain of amazonses.com designates 5.240.8.29 as permitted sender)
Authentication-Results: atlas222.free.mail.bf1.yahoo.com;
dkim=perm_fail header.i=@amazonses.com header.s=6gbrjpgwjskckoa6a5zn6fwqkn67xbtw;
spf=pass smtp.mailfrom=amazonses.com;
dmarc=unknown header.from=somedomain.com;
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;
s=6gbrjpgwjskckoa6a5zn6fwqkn67xbtw; d=amazonses.com; t=167098234;
h=Date:MIME-Version:Message-ID:To:From:Reply-To:Subject:Feedback-ID:List-Unsubscribe:List-Unsubscribe-Post:List-Help:Content-Transfer-Encoding:Content-Type;
bh=N9guynJNBoGOSIx//oL1JHgbJyamt5u5yxgWxtw04xA=;
b=geaU3laohsTcVBHSolTgZ2v9L9QKv0dD7B9UIpuPWIEnaUS2COUXFHrlTR66dN7p
j7D90DpKM4hUYUU2LGUIBWw6xGv/4clqol45DBYNZnvyTD9TRR+D3PL6AH2oezRggV1
MTnZ2ygtXlSctbJKWDeZR1AUlAw5VJJrFea9LxQE=
If I activate my DKIM on SES, another signature is added as well as another DKIM line dkim=perm_fail header.i=@amazonses.com.... and when correctly set-up it has pass status.
How can a DKIM signature added by Amazon SES have perm_fail status? Is there a way to correct that?
Finally ! After hours and hours of searching and testing I found out why the Amazon SES DKIM check fails.
It was an encoding problem.
Sending e-mails with the utf8 allowed mime type will cause this error when some exotic characters are sent in email body/headers.
When sending a simple email with a hello world body the DKIM was pass. but sending an email containing a character like this one ᥱ for example with the utf8 led DKIM to fail.