Outbound port 25 is blocked by my ISP so I relay my email through a third party but I still use DKIM and SPF. Normally all the mail from my mail server (domain) passes both the DKIM and SPF checks by the receiving mail server but occasionally one does fail the SPF check as reported by a Google aggregate report and only a Google report. I have never seen a failure of this sort from other reporting mail servers.
In looking at the typical aggregate report when this occurs I find that all the mail that passes both tests goes through 205.234.18.129, the ip address of my mail forwarder, while the one that fails goes through a 173.201.193.XXX address where the last octet varies from report to report but all are registered to GoDaddy.com. What is puzzling to me is the fact that the mail that fails the SPF check apparently passes the DKIM check. I would think that if it passed the DKIM check then it would have to have come from my server so it should also pass the SPF check and it doesn’t. Is there a scenario other than someone having my private key file that would account for such a result? I suppose one possibility is that my mail server actually does relay through GoDaddy but I do not use them for forwarding services. I have also checked authinfo, sendmail.cf and used grep to look for any instance of secureserver.net or godaddy.com in any of the mail related files and find nothing. It also doesn’t seem likely that just one mail would try to go that way while all the rest are processed normally. Another possibility is that I have interpreted the report incorrectly and I am even asking the wrong questions. Can someone shed some light on this? A typical report is below. <?xml version="1.0" encoding="UTF-8" ?> - <feedback> - <report_metadata> <org_name>google.com</org_name> <email>[email protected]</email> <extra_contact_info>http://support.google.com/a/bin/answer.py?answer=2466580</extra_contact_info> <report_id>4319850521223435728</report_id> - <date_range> <begin>1375401600</begin> <end>1375487999</end> </date_range> </report_metadata> - <policy_published> <domain>mydomain.com</domain> <adkim>s</adkim> <aspf>s</aspf> <p>none</p> <sp>none</sp> <pct>100</pct> </policy_published> - <record> - <row> <source_ip>173.201.193.167</source_ip> <count>1</count> - <policy_evaluated> <disposition>none</disposition> <dkim>pass</dkim> <spf>fail</spf> - <reason> <type>forwarded</type> <comment /> </reason> </policy_evaluated> </row> - <identifiers> <header_from>mydomain.com</header_from> </identifiers> - <auth_results> - <dkim> <domain>mydomain.com</domain> <result>pass</result> </dkim> - <spf> <domain>bounce.secureserver.net</domain> <result>pass</result> </spf> </auth_results> </record> - <record> - <row> <source_ip>205.234.18.129</source_ip> <count>42</count> - <policy_evaluated> <disposition>none</disposition> <dkim>pass</dkim> <spf>pass</spf> </policy_evaluated> </row> - <identifiers> <header_from>mydomain.com</header_from> </identifiers> - <auth_results> - <dkim> <domain>mydomain.com</domain> <result>pass</result> </dkim> - <spf> <domain>mydomain.com</domain> <result>pass</result> </spf> </auth_results> </record> </feedback> _____________________________________________________________ http://mail.dogomania.com - Free email for dog enthusiasts. _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
