[opendmarc-users] Unexplainable dmarc=none instead of dmarc=fails as authentication result
Stefan Tittel
stefan at tittel.net
Mon Oct 17 16:56:15 PDT 2016
Hello,
I deployed OpenDMARC on Debian Jessie using the 1.3.1 package from
jessie-backports. My MTA is Postfix, DKIM headers are written by
OpenDKIM and SPF headers are written by python-policyd-spf,
SPFSelfValidate is off.
When it comes to successfully validating mails that are supposed to pass
DMARC, things look mostly fine and consistent. However I just stumbled
upon a result that I cannot explain.
DMARC record of example.com (the From domain):
----------------------------------------------
"v=DMARC1; p=none; rua=mailto:dmarc at example.com;
ruf=mailto:dmarc at example.com; fo=0:d:s"
Relevant mail headers:
----------------------
Return-Path: <aohmhdhkoumifukgke.uahokifhfg at subdomain.someothersite.com>
Delivered-To: <me at mysite.com>
Received: from myserver.mysite.com
by myserver.mysite.com (Dovecot) with LMTP id ESTmCWiGBFgdUAAAFMX49g
for <me at mysite.com>; Mon, 17 Oct 2016 10:06:00 +0200
Authentication-Results: myserver.mysite.com; spf=pass (sender SPF
authorized) smtp.mailfrom=subdomain.someothersite.com
(client-ip=123.123.123.123; helo=sendermailserver.differentsite.com;
envelope-from=aohmhdhkoumifukgke.uahokifhfg at subdomain.someothersite.com;
receiver=myotherself at mysite.com)
Authentication-Results: myserver.mysite.com; dmarc=none
header.from=example.com
Authentication-Results: myserver.mysite.com;
dkim=pass (2048-bit key; unprotected) header.d=differentsite.com
header.i=@differentsite.com header.b=d74dTJT2;
dkim-adsp=none (unprotected policy); dkim-atps=neutral
Received: from sendermailserver.differentsite.com
(sendermailserver.differentsite.com [123.123.123.123])
by myserver.mysite.com (Postfix) with ESMTPS id 895D94045E
for <myotherself at mysite.com>; Mon, 17 Oct 2016 10:05:56 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; s=k; d=differentsite.com;
h=Date:From:To:Subject:Message-ID:List-Unsubscribe:MIME-Version:Content-Type;
bh=4pCHK+R2MG3DvF38W2PVLzbeulJ5wby0VB+pvymocOk=;
b=d74dTJT2T3/e8OUN/Mb7fpYjHZjrPUNnzSvv6gle1O9arrFPDyFlINqmP2bd9+l7SZFHzNCSfkFs
1MPdUveFT6g4T33yE4+i3s6hTI/IlQrKlhFOis9eYqs4wIdCfGgvRM5qVMQPvRj5TgMPNCq8bEdG
gDMVd0crrasji/6WvZZTZv+/Hh0N3vvvXT4tcx1aEUi51KHerAyrZW8EmeIoXKLuVXwx6eOIDBVO
sTU2NTJwABlERzPnqQD8sBOQw9aWowwrjRiuCsBG5PQM0icSz5CnMaOWkA4+Swv28G2IoqnSyJj+
eY6IU8l0yJ2479vp6/Z6VZ6mzrcd/BRQ3bz2AQ==
Date: Mon, 17 Oct 2016 10:05:49 +0200
From: "Sender Name" <info at example.com>
To: myotherself at mysite.com
In short: DKIM passes for the non-aligned domain "differentsite.com" and
SPF passes for the non-aligned domain "subdomain.someothersite.com". The
From domain has a valid DMARC record and since both DKIM and SPF are
non-aligned, I would expect "dmarc=fail" as authentication result of
OpenDMARC, however it is "dmarc=none".
In the aggregate report sent out to example.com everything looks like
it's supposed to look (policy recognized, non-alignment of both SPF and
DKIM leads to failed policy evaluation, raw results for SPF and DKIM are
pass):
<policy_published>
<domain>example.com</domain>
<adkim>r</adkim>
<aspf>r</aspf>
<p>none</p>
<sp>none</sp>
<pct>100</pct>
</policy_published>
<record>
<row>
<source_ip>123.123.123.123</source_ip>
<count>1</count>
<policy_evaluated>
<disposition>none</disposition>
<dkim>fail</dkim>
<spf>fail</spf>
</policy_evaluated>
</row>
<identifiers>
<header_from>example.com</header_from>
</identifiers>
<auth_results>
<spf>
<domain>subdomain.someothersite.com</domain>
<result>pass</result>
</spf>
<dkim>
<domain>differentsite.com</domain>
<result>pass</result>
</dkim>
</auth_results>
</record>
Any ideas?
Thank you in advance!
Stefan
PS.: example.com is actually a sports venue and this is happening with
their newsletters and the unsubscribe mail for their newsletter. You can
sign up for the newsletter here:
http://www.sportpark-gelsenkirchen.de/infos/newsletter/
More information about the opendmarc-users
mailing list