After configuring DKIM message signing, authentication with some vendors is failing.
Some email vendors (Google, port25.com) return errors when validating the DKIM signatures generated by the SBG appliance.
This is the result of some implementations using a case sensitive match for the canocalization method defined in the c= phrase of the DKIM-Signature header.
This issue is addressed in the 9.0.1-10 software release.
Symantec customers using the Brightmail Gateway products are encouraged to update their software release at their earliest convenience to take advantage of bug fixes and new features.
The DKIM RFC is unclear regarding whether the strings used in the header to define canonicalization should be case sensitive or not. The Brightmail Gateway uses upper case but some other implementations appear to expect all lower case:
c=Relaxed/Simple vs c=relaxed/simple.