[opendmarc-users] SPF record macro expansion
Steve Siirila
sfs at umn.edu
Tue Sep 6 13:57:35 PDT 2022
Has anyone experienced issues with DMARC validation of email coming from
sites which should pass SPF and therefore pass DMARC but don't?
In our real-life example, we are receiving email from Service Now IP
addresses with a sender (envelope FROM) domain of USER at purestorage.com and
a header FROM domain of USER at purestorage.com. Because purestorage.com has
a DMARC reject policy, either SPF or DKIM must pass before we will accept
the email. There is no DKIM record, and the SPF record is rather complex:
purestorage.com. 300 IN TXT "v=spf1
include:purestorage.com._nspf.vali.email
include:%{i}._ip.%{h}._ehlo.%{d}._spf.vali.email ~all"
After substituting IP address, helo name, and domain name in the above, the
returned SPF record resolves to this value:
"v=spf1 include:service-now.com -all"
As such, DMARC should pass, but does not. Is opendmarc known to have
issues with SPF record macro expansion? Has anyone had any experience with
this sort of setup?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.trusteddomain.org/pipermail/opendmarc-users/attachments/20220906/f3d65553/attachment.htm>
More information about the opendmarc-users
mailing list