[opendmarc-users] Rejecting DMARC errors

Juri Haberland juri at sapienti-sat.org
Wed Jun 12 23:17:27 PDT 2019


On 2019-06-12 12:03, Lefteris Tsintjelis wrote:
> Hi, I am having problems with rejecting errors.
> 
> 1) When an email arrives without any DKIM signature from a DKIM signed
> domain, OpenDMARC generates an error (dmarc=permerror) but it does not
> reject the email according to domain policy set as reject.

OpenDMARC does not check DKIM by itself - it relies on other software to 
do that and expects that other software (e.g. OpenDKIM) to add an 
Authentication-Results header with the result of the DKIM check.

> 2) Also, when an email arrives from an older domain using DomainKey
> OpenDMARC is doing the exact same thing, generates an error but email
> is accepted.

DomainKey is obsolete and not part of the DMARC RFC and therefor not 
supported by OpenDMARC.

> I want to enforce the policy according to what is set in domain's DNS 
> in case 1
> 
> In case 2 I would like to accept the email if DomainKey checks 
> correctly.
> 
> Is this possible with OpenDMARC?

Yes to 1), no to 2). Please tell us more about your configuration...


Cheers,
   Juri


More information about the opendmarc-users mailing list