Does DKIM work?
Since there's still a long standing issue with SPF verification not working, I was wondering about DKIM verification. Does it actually work reliably?
I'm seeing DKIM failures for certain messages from known senders with the reason "body hash mismatch" but I can't be certain if these are actual failures from the sender side or if ES is evaluating them wrong.
The messages are from known senders and not all messages from them are failing verification. Could be an issue on the sender side, I've seen similar issues with Office 365 as sender when their key rotation isn't working properly.
Another thing is that often outright DKIM failure doesn't seem to affect message evaluation much and spam is getting through even with failures.