Zoho breaks DKIM signatures (body hash) if 8bit encoding is used through SMTP
I've deployed DMARC on all my domains and have been monitoring DMARC reports for some time.
For some reason, most of the emails sent from my domains using Zoho Mail are failing DKIM verification, but not all.
After debugging and narrowing down the problem, the cause seems to be that Zoho servers modify the message body when messages are sent in 8bit encoding (UTF-8). 7bit encoding, base64 or quoted-printable work fine.
The facts:
(headers edited for security; in all cases the message body was the same: "prueba" for the 7bit encoding test and "pruebá" for the 8bit encoding test)
- All mails sent by the Zoho WebMail client use UTF-8 (charset) and quoted-printable (encoding). They work fine; DKIM is preserved.
Authentication-Results: mx.google.com;
dkim=pass header.i=...
spf=pass (google.com: domain of ...)
dmarc=pass (p=NONE dis=NONE) header.from=....
DKIM-Signature: ....
Date: Tue, 19 Apr 2016 01:59:55 +0200
From: ...
To: ...
Message-ID: ...
Subject: prueba
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Priority: Medium
User-Agent: Zoho Mail
X-Mailer: Zoho Mail
prueb=C3=A1
- All mail sent by Thunderbird using strictly 7bit encoding (so no character uses the 8th bit) works perfectly too, and DKIM is preserved too.
Authentication-Results: mx.google.com;
dkim=pass header.i=...
spf=pass (google.com: domain of ...)
dmarc=pass (p=NONE dis=NONE) header.from=....
DKIM-Signature: ....
Received: from ...
To: ...
From: ...
Subject: prueba
Message-ID: ...
Date: Tue, 19 Apr 2016 01:57:43 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:48.0) Gecko/20100101
Thunderbird/48.0a1
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
prueba
- When Thunderbird sends any email that uses at least one character that needs the 8th bit (ñ, ´, ¿...), Thunderbird changes to 8bit encoding, and then DKIM is broken.
Authentication-Results: mx.google.com;
dkim=neutral (body hash did not verify) header.i=...
spf=pass (google.com: domain of ...
dmarc=pass (p=NONE dis=NONE) header.from=...
DKIM-Signature: ...
Received: from ...
To: ...
From: ...
Subject: prueba
Message-ID: ...
Date: Tue, 19 Apr 2016 01:57:55 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:48.0) Gecko/20100101
Thunderbird/48.0a1
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
pruebá
- Thunderbird forced to always use base64 encoding (mail.strictly_mime = true) works fine too; DKIM is preserved.
Authentication-Results: mx.google.com;
dkim=pass header.i=...
spf=pass (google.com: domain of ...
dmarc=pass (p=NONE dis=NONE) header.from=...
DKIM-Signature: ...
Received: from ...
To: ...
From: ...
Subject: prueba
Message-ID: ...
Date: Tue, 19 Apr 2016 02:27:49 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:48.0) Gecko/20100101
Thunderbird/48.0a1
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: base64
cHJ1ZWLhDQo=
Thanks in advance, and sorry for my poor English.
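
Added example, not part of the original post: a local check that recomputes the DKIM body hash (RFC 6376 body canonicalization) over a message as received and compares it with the `bh=` tag, which is what "body hash did not verify" reports. The sample message is constructed (`d=example.com`, `s=sel`, `b=PLACEHOLDER` are made up), and the modification shown, re-encoding the 8bit body as quoted-printable after signing, is an assumption; the post only establishes that the body changes.

```python
import base64, hashlib, re

def canon_body(body: bytes, mode: str) -> bytes:
    """Body canonicalization per RFC 6376 sections 3.4.3 (simple) and 3.4.4 (relaxed)."""
    lines = body.split(b"\r\n")
    if mode == "relaxed":
        # Collapse runs of space/tab to one space, then drop trailing whitespace.
        lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":      # ignore empty lines at the end of the body
        lines.pop()
    if not lines:
        return b"\r\n" if mode == "simple" else b""
    return b"\r\n".join(lines) + b"\r\n"

def body_hash(body: bytes, mode: str = "relaxed") -> str:
    return base64.b64encode(hashlib.sha256(canon_body(body, mode)).digest()).decode()

def dkim_tags(raw: bytes) -> dict:
    """Tag=value pairs of the first DKIM-Signature header (unfolded)."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    head = re.sub(rb"\r\n[ \t]+", b" ", head).decode("ascii", "replace")
    m = re.search(r"^DKIM-Signature:(.*)$", head, re.I | re.M)
    if not m:
        raise ValueError("no DKIM-Signature header")
    pairs = (t.split("=", 1) for t in m.group(1).split(";") if "=" in t)
    return {k.strip(): v.strip() for k, v in pairs}

def bh_matches(raw: bytes) -> bool:
    """Recompute bh= over the body as received (assumes a=rsa-sha256 and no l= tag)."""
    tags = dkim_tags(raw)
    mode = (tags.get("c", "simple/simple").split("/") + ["simple"])[1]
    body = raw.split(b"\r\n\r\n", 1)[1]
    return body_hash(body, mode) == re.sub(r"\s+", "", tags["bh"])

# Constructed sample: the 8bit test body from the post, hashed as the signer saw it.
BODY_8BIT = "pruebá\r\n".encode("utf-8")
HEADERS = (b"DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com;\r\n"
           b" s=sel; h=from:subject; bh=" + body_hash(BODY_8BIT).encode() +
           b"; b=PLACEHOLDER\r\nSubject: prueba\r\nContent-Transfer-Encoding: ")
AS_SIGNED = HEADERS + b"8bit\r\n\r\n" + BODY_8BIT
# Assumed modification: same text, re-encoded as quoted-printable after signing.
AS_MODIFIED = HEADERS + b"quoted-printable\r\n\r\n" + b"prueb=C3=A1\r\n"

if __name__ == "__main__":
    print("as signed:  ", bh_matches(AS_SIGNED))
    print("as modified:", bh_matches(AS_MODIFIED))
```

Only the body hash is checked; the `b=` signature over the headers is not verified. Running `bh_matches` on the raw message saved from the receiving mailbox shows whether the bytes that arrived are still the bytes that were signed.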