We've started getting a few customers not receiving our emails and we've narrowed it down to DKIM we believe.
It look like SMG is generating the DKIM body hash before SMG adds the corporate signature footer to the email. If we disable the Message signature service on the outbound policy them the DKIM signing is fully validated successfully.
One other thing we've noticed when investigating this is that emails sent in plain text aren't DKIM signed at all, DKIM only kicks in if your email is HTML or your email has attachments. Is that how DKIM works?
I'm guessing that the customer(s) with the problem are aggressively rejecting DKIM body hash failures, and they shouldn't but if the DKIM signing happened last after all the signatures were applied you wouldn't have the issue IMO.
Anyone else seeing the same? We are fully patched to 2022.10.10 rpm:1.0.1-337.1 (SMG 7.0.1)
Mark.