228.84.0.173.in-addr.arpa. 300 IN PTR mx3.slc.paypal.com<http://mx3.slc.paypal.com>
The IP shows it is coming from paypal servers, so yes they spoofed you. It is likely to be a known issue at paypal. I would not worry too much about it, but report it to paypal customer support to indicate you are not receiving their emails because they tried to spoof you. On Feb 27, 2013, at 3:43 AM, Lucian Holland <[email protected]> wrote: Hi, Apologies if this is the wrong forum, or I'm being particularly clueless about his, but I've recently implemented DMARC for my domain symposion.co.uk, and was surprised by a report I just received. I wanted to check if this was a known phenomenon, a misunderstanding on my part, or some genuine (and rather worrying) abuse. The report is included at the bottom of this message. If I'm understanding correctly, this is yahoo telling me that it has rejected a message according to my dmarc configuration. In particular, the message came was sent from a mail server with ip 173.0.84.228, and it failed because the message claimed in the headers to be from symposion.co.uk but in fact wasn't. What's odd is that the message passes both dkim and spf as paypal.com, and the mail server address is indeed mx3.slc.paypal.com . So it looks like PayPal is trying to spoof me! Is this a known issue with some elements of Paypal's systems vs DMARC, a sign of something more sinister, or just me misunderstanding? Many thanks, Lucian <?xml version="1.0"?> <feedback> <report_metadata> <org_name>Yahoo! Inc.</org_name> <email>[email protected]</email> <report_id>1361873612.854332</report_id> <date_range> <begin>1361750400</begin> <end>1361836799 </end> </date_range> </report_metadata> <policy_published> <domain>symposion.co.uk</domain> <adkim>r</adkim> <aspf>r</aspf> <p>reject</p> <pct>100</pct> </policy_published> <record> <row> <source_ip>173.0.84.228</source_ip> <count>1</count> <policy_evaluated> <disposition>reject</disposition> <dkim>fail</dkim> <spf>fail</spf> </policy_evaluated> </row> <identifiers> <header_from>symposion.co.uk</header_from> </identifiers> <auth_results> <dkim> <domain>paypal.com</domain> <result>pass</result> </dkim> <spf> <domain>paypal.com</domain> <result>pass</result> </spf> </auth_results> </record> </feedback> -- Lucian Holland Sent with Sparrow<http://www.sparrowmailapp.com/?sig> _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
_______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
