Presumably someone you write to on a fairly regular basis (a) has their
email handled by GoDaddy and (b) has GoDaddy forward a copy to somewhere
else (a mobile device, another webmail service, ...).
- Roland
On 08/04/2013 11:05 AM, DSH wrote:
Outbound port 25 is blocked by my ISP so I relay my email through a third party
but I still use DKIM and SPF. Normally all the mail from my mail server
(domain) passes both the DKIM and SPF checks by the receiving mail server but
occasionally one does fail the SPF check as reported by a Google aggregate
report and only a Google report. I have never seen a failure of this sort from
other reporting mail servers.
In looking at the typical aggregate report when this occurs I find that all the
mail that passes both tests goes through 205.234.18.129, the ip address of my
mail forwarder, while the one that fails goes through a 173.201.193.XXX address
where the last octet varies from report to report but all are registered to
GoDaddy.com.
What is puzzling to me is the fact that the mail that fails the SPF check
apparently passes the DKIM check. I would think that if it passed the DKIM
check then it would have to have come from my server so it should also pass the
SPF check and it doesn’t. Is there a scenario other than someone having my
private key file that would account for such a result?
I suppose one possibility is that my mail server actually does relay through
GoDaddy but I do not use them for forwarding services. I have also checked
authinfo, sendmail.cf and used grep to look for any instance of
secureserver.net or godaddy.com in any of the mail related files and find
nothing. It also doesn’t seem likely that just one mail would try to go that
way while all the rest are processed normally.
Another possibility is that I have interpreted the report incorrectly and I am
even asking the wrong questions.
Can someone shed some light on this?
A typical report is below.
<?xml version="1.0" encoding="UTF-8" ?>
- <feedback>
- <report_metadata>
<org_name>google.com</org_name>
<email>[email protected]</email>
<extra_contact_info>http://support.google.com/a/bin/answer.py?answer=2466580</extra_contact_info>
<report_id>4319850521223435728</report_id>
- <date_range>
<begin>1375401600</begin>
<end>1375487999</end>
</date_range>
</report_metadata>
- <policy_published>
<domain>mydomain.com</domain>
<adkim>s</adkim>
<aspf>s</aspf>
<p>none</p>
<sp>none</sp>
<pct>100</pct>
</policy_published>
- <record>
- <row>
<source_ip>173.201.193.167</source_ip>
<count>1</count>
- <policy_evaluated>
<disposition>none</disposition>
<dkim>pass</dkim>
<spf>fail</spf>
- <reason>
<type>forwarded</type>
<comment />
</reason>
</policy_evaluated>
</row>
- <identifiers>
<header_from>mydomain.com</header_from>
</identifiers>
- <auth_results>
- <dkim>
<domain>mydomain.com</domain>
<result>pass</result>
</dkim>
- <spf>
<domain>bounce.secureserver.net</domain>
<result>pass</result>
</spf>
</auth_results>
</record>
- <record>
- <row>
<source_ip>205.234.18.129</source_ip>
<count>42</count>
- <policy_evaluated>
<disposition>none</disposition>
<dkim>pass</dkim>
<spf>pass</spf>
</policy_evaluated>
</row>
- <identifiers>
<header_from>mydomain.com</header_from>
</identifiers>
- <auth_results>
- <dkim>
<domain>mydomain.com</domain>
<result>pass</result>
</dkim>
- <spf>
<domain>mydomain.com</domain>
<result>pass</result>
</spf>
</auth_results>
</record>
</feedback>
_____________________________________________________________
http://mail.dogomania.com - Free email for dog enthusiasts.
_______________________________________________
dmarc-discuss mailing list
[email protected]
http://www.dmarc.org/mailman/listinfo/dmarc-discuss
NOTE: Participating in this list means you agree to the DMARC Note Well terms
(http://www.dmarc.org/note_well.html)
--
Roland Turner | Director, Labs
TrustSphere Pte Ltd | 3 Phillip Street #13-03, Singapore 048693
Mobile: +65 96700022 | Skype: roland.turner
[email protected] | http://www.trustsphere.com/
_______________________________________________
dmarc-discuss mailing list
[email protected]
http://www.dmarc.org/mailman/listinfo/dmarc-discuss
NOTE: Participating in this list means you agree to the DMARC Note Well terms
(http://www.dmarc.org/note_well.html)
