you can send an failure report when only one of the authentication mechanism failed. This allows you to find emails coming from your infrastructure (SPF pass) but where DKIM is broken
From: Dan West <[email protected]<mailto:[email protected]>> Date: Thursday, January 17, 2013 3:10 PM To: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Subject: Re: [dmarc-discuss] DMARC auth-failure: DKIM passes, SPF Fails So all of our email should be coming from drbott.net<http://drbott.net>. I checked out that SPF tool and that actually uncovered a few more things about our zone record I didn't realize. Thanks. I went back to review some of the DMARC reports from Hotmail and realized that it wasn't explicitly saying it was failing DMARC like I thought it was. I think I was thinking of a different DMARC report I had been looking at around the same time. The other part of the puzzle is that when Hotmail sends back their forensic reports, they make it sound like it was a message being reported as spam. Below is their wording: This is an email abuse report for an email message received from IP **Removed** on Fri, 7 Dec 2012 10:09:54 -0800. The message below did not meet the sending domain's authentication policy. For more information about this format please see http://www.ietf.org/rfc/rfc5965.txt. So it makes it sound like the message was either quarantined or rejected. Does anyone know if Hotmail treats messages that fail either authentication checks more harshly? [Dr Bott Logo]<http://www.drbott.net/>Dan West: Systems & Database Specialist | Dr. Bott LLC, "The Gateway to the Digital Lifestyle" 877.611.2688 | 9730 SW Hillman Ct, Ste 600, Wilsonville, OR 97070 | www.drbott.net<http://www.drbott.net> On Jan 17, 2013, at 10:50 AM, Franck Martin <[email protected]<mailto:[email protected]>> wrote: What is your domain? try this tool: http://dmarcian.com/spf-survey/ From: Dan West <[email protected]<mailto:[email protected]>> Date: Thursday, January 17, 2013 10:23 AM To: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Subject: [dmarc-discuss] DMARC auth-failure: DKIM passes, SPF Fails I am receiving DMARC reports back from Hotmail that show that some of our email is passing the DKIM check, but not the SPF check. The result is that the message is failing DMARC and getting quarantined. From everything I have read, a message must fail both SPF and DKIM checks to also fail DMARC. The report sent on 12/7 shows that the only thing that failed was SPF. I believe this is because the email got auto-forwarded from another account. I believe that since alignment and DKIM were still valid, it should have still gone through. Is there something I am missing from this report? I am not having this problem from Gmail or Yahoo. Below are the details of the report with private info **removed**: Feedback-Type: auth-failure User-Agent: XMR/2.2 Version: 1.0 Original-Mail-From: <**removed**> Original-Rcpt-To: **removed** Arrival-Date: Fri, 7 Dec 2012 10:09:54 -0800 Message-ID: <**removed**> Authentication-Results: hotmail.com<http://hotmail.com/>; spf=fail (sender IP is **removed**; identity alignment result is pass and alignment mode is strict) smtp.mailfrom=**removed**; dkim=pass (identity alignment result is pass and alignment mode is strict) header.d=**removed**; x-hmca=pass Source-IP: **removed** Auth-Failure: spf Reported-Domain: **removed** DKIM-Domain: **removed** DKIM-Identity: **removed** DKIM-Selector: dk1 So what I am hoping to find out is, does Hotmail have a stricter DMARC policy than other email providers such as Google and Yahoo? Is there anything else I can do to improve the reputation of forwarded emails? Would changing the SPF parameter from strict to relaxed affect this? [Dr Bott Logo]<http://www.drbott.net/>Dan West: Systems & Database Specialist | Dr. Bott LLC, "The Gateway to the Digital Lifestyle" 877.611.2688 | 9730 SW Hillman Ct, Ste 600, Wilsonville, OR 97070 | www.drbott.net<http://www.drbott.net/>
_______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
