[opendmarc-users] dmarc fail on internal emails
Ian Evans
dheianevans at gmail.com
Fri Apr 21 14:40:15 PDT 2017
On Fri, Apr 21, 2017 at 5:31 PM, Juri Haberland <juri at sapienti-sat.org>
wrote:
> On 21.04.2017 23:06, Ian Evans wrote:
>
> > Here's the current state of affairs after making the recommended changes:
> >
> > Incoming email:
> >
> > FROM Gmail TO my site: Headers show dkim, spf and dmarc pass
> > FROM mysite to mysite: Headers show dkim pass. Dmarc fail, no spf headers
> > present.
> >
> > Safe to assume the internal mail is failing because a dmarc pass requires
> > dkim and SPF passes and spf isn't present?
>
> No, because DMARC os OR, not AND. Either DKIM pass or SPF pass (if aligned
> that is) should result in a DMARC pass.
>
> > Outgoing email:
> > FROM my site to Gmail: Headers show DKIM pass, SPF pass, DMARC pass
>
> Not relevant.
>
> > Sending email to test at http://www.appmaildev.com/en/dkim shows spf
> pass,
> > dkim pass and dmarc fail. If passed on gmail, faulty implementation on
> this
> > site?
>
> Just tried it, and just got "DMARC: ExistsRecord" - no pass and no fail, it
> just checks for an existing DMARC record.
>
I found that odd too. The dmarc section just shows that, but in the section
where it shows the email headers as rec'd it shows the dmarc fail/pass.
As a note to your previous email, I'm not insisting on testing internal
emails. The config in the tutorial didn't have a way shown to turn that
off. If it's a best practice how do I stop those tests on example.com to
example.com emails. I'll turn it off in a flash once I know.
As per your request, will send you an email for test off-list.
Thanks!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.trusteddomain.org/pipermail/opendmarc-users/attachments/20170421/15fe2342/attachment.htm>
More information about the opendmarc-users
mailing list